mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-06 10:41:40 +00:00
13 lines
1.0 KiB
Markdown
13 lines
1.0 KiB
Markdown
|
**Updated document date: August 6, 2024**
|
|||
|
|
|
|||
|
|
## Apache OFbiz /ProgramExport Command Execution Vulnerability(CVE-2024-38856)
|
|||
|
|
| **Vulnerability** | Apache OFbiz /ProgramExport Command Execution Vulnerability(CVE-2024-38856)|
|
|||
|
|
| :----: | :-----|
|
|||
|
|
| **Chinese name** | Apache OFbiz /ProgramExport 命令执行漏洞(CVE-2024-38856) |
|
|||
|
|
| **CVSS core** | 9.30 |
|
|||
|
|
| **FOFA Query** (click to view the results directly)| [ app=“Apache_OFBiz”](https://fofa.info/result?qbase64=YXBwPSJBcGFjaGVfT0ZCaXoi)|
|
|||
|
|
| **Number of assets affected** | 2,728 |
|
|||
|
|
| **Description** |Apache OFBiz is an e-commerce platform used to build multi-layer and distributed e-commerce application systems at the enterprise level, cross-platform, cross-database, and cross-application servers. |
|
|||
|
|
| **Impact** | Apache OFBiz has a logical flaw in handling the rendering of the view view, and an attacker can execute arbitrary code by constructing a special URL to override the final rendered view.
|
|||
|
|
| **Affected versions** |Apache OFBiz <= 18.12.14
|