VYPR
High severity8.8NVD Advisory· Published Nov 1, 2023· Updated Jun 17, 2026

CVE-2023-1714

CVE-2023-1714

Description

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Bitrix/Bitrix24llm-fuzzy2 versions
    = 22.0.300+ 1 more
    • (no CPE)range: = 22.0.300
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.