漏洞描述
Apache OFBiz是一个开源的企业资源规划(ERP)系统,提供了多种商业功能和模块。Apache OFBiz 在 webtools/control/xmlrpc 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。
Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞(CVE-2023-49070)
PoC代码
暂无相关漏洞推荐
- Apache OFBiz StatsSinceStart 远程代码执行漏洞(CVE-2024-45507)
- Apache OFBiz /partymgr/control/getJSONuiLabel 服务器端请求伪造漏洞(CVE-2023-50968)
- POC CVE-2018-8033: Apache OFBiz 16.11.04 - XML Entity Injection
- POC CVE-2020-1943: Apache OFBiz <=16.11.07 - Cross-Site Scripting
- POC CVE-2020-9496: Apache OFBiz 17.12.03 - Cross-Site Scripting
- POC CVE-2021-26295: Apache OFBiz <17.12.06 - Arbitrary Code Execution
- POC CVE-2021-29200: Apache OFBiz < 17.12.07 - Arbitrary Code Execution
- POC CVE-2021-30128: Apache OFBiz <17.12.07 - Arbitrary Code Execution
- POC CVE-2022-47501: Apache OFBiz < 18.12.07 - Local File Inclusion
- POC CVE-2023-49070: Apache OFBiz < 18.12.10 - Arbitrary Code Execution
- POC CVE-2023-50968: Apache OFBiz < 18.12.11 - Server Side Request Forgery
- POC CVE-2023-51467: Apache OFBiz < 18.12.11 - Remote Code Execution
- POC CVE-2024-32113: Apache OFBiz Directory Traversal - Remote Code Execution