Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
CVE-2023-1714 Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction Unsafe variable extraction in bitrix/modules/main/classes/general/user_optionsphp in Bitrix24 220300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization starlabssg/advisories/23/23-171