CVE-2023-1719
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 1, 2023
Updated: Nov 9, 2023
CWE ID 665
Summary
CVE-2023-1719 is a vulnerability in the tools.php file of the main module in Bitrix24 22.0.300. It allows unauthenticated attackers to extract attachments from the server and inject arbitrary JavaScript code into the victim's browser. If the victim holds administrator privileges, the attacker may also execute arbitrary PHP code on the server by overwriting uninitialized variables. This vulnerability poses a significant risk and requires immediate attention from Bitrix24 users and administrators.
Affected Products
- Bitrix24
Affected Vendors
- Bitrix24