» CVE

CVE-2023-1719

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-1719

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.

Source: CVE-2023-1719

CVE-2023-42635

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42635

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42635

CVE-2023-42637

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42637

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42637

CVE-2023-42638

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42638

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42638

CVE-2023-42639

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42639

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42639

CVE-2023-42631

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42631

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42631

CVE-2023-1717

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-1717

Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victimâ€™s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.

Source: CVE-2023-1717

CVE-2023-1714

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-1714

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.

Source: CVE-2023-1714

CVE-2023-1720

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-1720

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.

Source: CVE-2023-1720

CVE-2023-42640

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42640

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42640