漏洞描述
Apache OFBiz是一个用于构建企业级电子商务应用的平台。该漏洞由SSRF和信息泄露问题组成,攻击者可构造恶意请求绕过身份认证,获取敏感信息或发起服务端请求伪造攻击。由于该漏洞无需权限即可利用,可能导致关键业务数据泄露,建议企业立即升级至18.12.11或更高版本。
Apache OFBiz /partymgr/control/getJSONuiLabel 服务器端请求伪造漏洞(CVE-2023-50968)
PoC代码
暂无相关漏洞推荐
- POCCVE-2018-8033: Apache OFBiz XXE
- POCCVE-2020-9496: Apache OFBiz XML-RPC Java Deserialization
- POCCVE-2021-29200: Apache OFBiz < 17.12.07 - Arbitrary Code Execution
- POCCVE-2023-49070: Apache OFBiz < 18.12.10 - Arbitrary Code Execution
- POCCVE-2024-38856: Apache OFBiz CVE-2024-38856 远程命令执行漏洞
- POCapache-ofbiz-log4j-rce-temp: Apache OFBiz Log4j JNDI RCE
- POCapache-ofbiz-log4j-rce: Apache OFBiz Log4j JNDI RCE
- POCapache-ofbiz-programexport-rce: Apache ofbiz programexport RCE
- POCapache-ofbiz-CVE-2023-51467-xmlrpc-rce: Apache ofbiz CVE-2023-51467 xmlrpc RCE
- 无POCApache OFBiz StatsSinceStart 远程代码执行漏洞(CVE-2024-45507)
- POCCVE-2018-8033: Apache OFBiz 16.11.04 - XML Entity Injection
- POCCVE-2020-1943: Apache OFBiz <=16.11.07 - Cross-Site Scripting
- POCCVE-2020-9496: Apache OFBiz 17.12.03 - Cross-Site Scripting