CVE-2023-1719

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Nov 1, 2023
Updated: Nov 9, 2023
CWE ID: 665

Summary

CVE-2023-1719 is a vulnerability in the tools.php file of the main module in Bitrix24 22.0.300. It allows unauthenticated attackers to extract attachments from the server and inject arbitrary JavaScript code into the victim's browser. If the victim holds administrator privileges, the attacker may also execute arbitrary PHP code on the server by overwriting uninitialized variables. The vulnerability poses a significant risk and requires immediate attention from Bitrix24 users and administrators.
