CVE-2023-1719
published 2023-11-01CVE-2023-1719: Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.97%
91.1th percentile
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitrix24 | bitrix24 | <= 22.0.300 | — |
| bitrix24 | bitrix24 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →HTTP GET request to /bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php with a log_cnt parameter; a vulnerable response returns HTTP 200 with Content-Type text/html and a body containing the string 'LOG_CNT': ↗
- →Shodan/FOFA fingerprinting: hosts serving content containing '/bitrix/' in the HTML body are candidate Bitrix24 instances to probe for this vulnerability. ↗
- →The vulnerability is exploitable by unauthenticated attackers (no session/auth required) via overwriting uninitialised variables in tools.php, enabling XSS and potential RCE if the victim holds administrator privilege. ↗
- ·Affected version is specifically Bitrix24 22.0.300; the Nuclei template targets this exact version via CPE cpe:2.3:a:bitrix24:bitrix24:22.0.300. ↗
- ·PHP code execution is conditional — it only occurs if the victim browsing the malicious payload holds administrator privilege on the Bitrix24 instance. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Bitrix Component - Cross-Site Scripting
nuclei·CVSS 9.8
CVE-2023-1719 [CRITICAL] Bitrix Component - Cross-Site Scripting
Bitrix Component - Cross-Site Scripting
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
Template:
id: CVE-2023-1719
info:
name: Bitrix Component - Cross-Site Scripting
author: DhiyaneshDk
severity: critical
description: |
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute a
Talos
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
blogs_talos·2023-08-23·CVSS 8.5
CVE-2022-34671 [HIGH] Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post.
Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIA’s graphics cards.
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.
All three issues, identified as TALOS-2023-1719 (CVE-2022-34671), TALOS-2023-1720 (CVE-2022-34671) and TALOS-2023-1721 (CVE-2022-34671), have a CVSS severity rating of 8.5 out of 10.
An attacker could exploit these vulnerabilities from guest machines running virtualization environments (such as VMware, QEMU and VirtualBox) to perform a guest-to-host escape, as we’ve illustrated with previous vulner
Talos
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
blogs_talos·2023-08-23·CVSS 8.5
[HIGH] Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
## Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post.
Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIA’s graphics cards.
The driver is vulnerable to memory corruption if an adversary sends a specially crafted shader packer, which can lead to a memory corruption problem in the driver.
All three issues, identified as TALOS-2023-1719 (CVE-2022-34671), TALOS-2023-1720 (CVE-2022-34671) and TALOS-2023-1721 (CVE-2022-34671), have a CVSS severity rating of 8.5 out of 10.
An attacker could exploit these vulnerabilities from guest machines running virtualization environments (such as VMware, QEMU and Virtua
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2023-11-01
Published