CVE-2023-1714 PoC — Bitrix24 安全漏洞

Source

https://github.com/ForceFledgling/CVE-2023-1714

Associated Vulnerability

Title:Bitrix24 安全漏洞 (CVE-2023-1714)
Description:Bitrix24是美国Bitrix公司的一套企业社交平台。该平台包括在线通讯、日历管理和CRM（客户关系管理）等功能。 Bitrix24 22.0.300版本存在安全漏洞，该漏洞源于文件/user_options.php存在安全漏洞。经过身份验证的攻击者可利用该漏洞通过将任意内容附加到现有PHP文件或通过PHAR反序列化来执行任意代码。

Description

Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!