CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-1718

Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".

Exploit prediction scoring system (EPSS) score

EPSS Score 0.446

EPSS Ranking 97.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://starlabs.sg/advisories/23/23-1718/
https://starlabs.sg/advisories/23/23-1718/

Products affected by CVE-2023-1718

Bitrix24 » Bitrix24 » Version: 22.0.300

cpe:2.3:a:bitrix24:bitrix24:22.0.300

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-1718

Products

Pricing

Contact Us