Vulnerabilities > Bitrix24 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-01 | CVE-2023-1713 | Unrestricted Upload of File with Dangerous Type vulnerability in Bitrix24 22.0.300 Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file. | 8.8 |
| 2023-11-01 | CVE-2023-1714 | Deserialization of Untrusted Data vulnerability in Bitrix24 22.0.300 Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization. | 8.8 |
| 2023-11-01 | CVE-2023-1718 | Infinite Loop vulnerability in Bitrix24 22.0.300 Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url". | 7.5 |
| 2023-11-01 | CVE-2023-1720 | Unrestricted Upload of File with Dangerous Type vulnerability in Bitrix24 22.0.300 Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile. | 8.0 |