Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
Vulnerability Description
Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Bitrix24 安全漏洞
Vulnerability Description
Bitrix24是美国Bitrix公司的一套企业社交平台。该平台包括在线通讯、日历管理和CRM(客户关系管理)等功能。 Bitrix24 22.0.300版本存在安全漏洞,该漏洞源于文件/user_options.php存在安全漏洞。经过身份验证的攻击者可利用该漏洞通过将任意内容附加到现有PHP文件或通过PHAR反序列化来执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A