漏洞描述
Apache OFBiz是美国阿帕奇(Apache)基金会的一套企业资源计划(ERP)系统。该系统提供了一整套基于Java的Web应用程序组件和工具。
Apache OFBiz 18.12.13之前版本存在路径遍历漏洞,该漏洞源于受限目录路径名不正确限制。
Apache OFBiz 存在远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- Apache OFBiz StatsSinceStart 远程代码执行漏洞(CVE-2024-45507)
- Apache OFBiz /partymgr/control/getJSONuiLabel 服务器端请求伪造漏洞(CVE-2023-50968)
- POC CVE-2018-8033: Apache OFBiz 16.11.04 - XML Entity Injection
- POC CVE-2020-1943: Apache OFBiz <=16.11.07 - Cross-Site Scripting
- POC CVE-2020-9496: Apache OFBiz 17.12.03 - Cross-Site Scripting
- POC CVE-2021-26295: Apache OFBiz <17.12.06 - Arbitrary Code Execution
- POC CVE-2021-29200: Apache OFBiz < 17.12.07 - Arbitrary Code Execution
- POC CVE-2021-30128: Apache OFBiz <17.12.07 - Arbitrary Code Execution
- POC CVE-2022-47501: Apache OFBiz < 18.12.07 - Local File Inclusion
- POC CVE-2023-49070: Apache OFBiz < 18.12.10 - Arbitrary Code Execution
- POC CVE-2023-50968: Apache OFBiz < 18.12.11 - Server Side Request Forgery
- POC CVE-2023-51467: Apache OFBiz < 18.12.11 - Remote Code Execution
- POC CVE-2024-32113: Apache OFBiz Directory Traversal - Remote Code Execution