
CVE-2023-1713

Published: 01/11/2023 Updated: 09/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated malicious users to execute arbitrary code via uploading a crafted ".htaccess" file.

Vulnerable Product

bitrix24 bitrix24 22.0.300

Github Repositories

Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation

CVE-2023-1713: Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation. Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file. starlabssg/advisories/23/2

Check bitrix vulnerabilities

Bitrix Scanner: Check your website for Bitrix vulnerabilities. Table of Contents: Features; Usage; Running scan mode; Running RCE object injection; Running RCE vote; Running RCE vote using htaccess; Running RCE vote phar deserialization; Running RCE via Insecure Temporary File Creation; Legal disclaime