Currently published 136 advisories.
(CVE-2023-1718) Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access
Summary:
Product: Bitrix24
Vendor: Bitrix24
Severity: High
Affected Versions: Bitrix24 22.0.300 (latest version as of writing)
Tested Versions: Bitrix24 22.0.300 (latest version as of writing)
CVE Identifier: CVE-2023-1718
CVE Description: Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted “tmp_url”.
CWE Classification(s): CWE-835 Loop with Unreachable Exit Condition (‘Infinite Loop’)
CAPEC Classification(s): CAPEC-545 Pull Data from System Resources
CVSS3....