CVE-2023-1718

Summary

Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".

Affected Software

VendorProductVersion RangeStatus
Bitrix24Bitrix240 <= 22.0.300affected

Weaknesses

  • CWE-835: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References