CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-1713

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.039

EPSS Ranking 87.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://starlabs.sg/advisories/23/23-1713/
https://starlabs.sg/advisories/23/23-1713/

Products affected by CVE-2023-1713

Bitrix24 » Bitrix24 » Version: 22.0.300

cpe:2.3:a:bitrix24:bitrix24:22.0.300

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1713

Products

Pricing

Contact Us