cve/2023/CVE-2023-1720.md

### [CVE-2023-1720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1720)
![](https://img.shields.io/static/v1?label=Product&message=Bitrix24&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2022.0.300%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)

### Description

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.

### POC

#### Reference
- https://starlabs.sg/advisories/23/23-1720/

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-1720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1720)`
			`![](https://img.shields.io/static/v1?label=Product&message=Bitrix24&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2022.0.300%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)`

			`### Description`

			`Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.`

			`### POC`

			`#### Reference`
			`- https://starlabs.sg/advisories/23/23-1720/`

			`#### Github`
			`No PoCs found on GitHub currently.`