From 352ce81806cadbfe763202a0d1c6abd2851a4bb9 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Thu, 28 Dec 2023 15:57:25 +0800 Subject: [PATCH] Update GobyVuls-Document.md --- GobyVuls-Document.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/GobyVuls-Document.md b/GobyVuls-Document.md index 7ba66d9..e09fd19 100644 --- a/GobyVuls-Document.md +++ b/GobyVuls-Document.md 
@@ -1,7 +1,25 @@ # Goby History Update Vulnerability Total Document (Continuously Update) The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. -**Updated document date: December 07, 2023** +**Updated document date: December 28, 2023** + + +## Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467) + +| **Vulnerability** | **Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467)** | +| :----: | :-----| +| **Chinese name** | Apache OFBiz webtools/control/ProgramExport 远程代码执行漏洞(CVE-2023-51467) | +| **CVSS core** | 9.8 | +| **FOFA Query** (click to view the results directly)| [app="Apache_OFBiz"](https://en.fofa.info/result?qbase64=Y2VydD0iT3JnYW5pemF0aW9uYWwgVW5pdDogQXBhY2hlIE9GQml6IiB8fCAoYm9keT0id3d3Lm9mYml6Lm9yZyIgJiYgYm9keT0iL2ltYWdlcy9vZmJpel9wb3dlcmVkLmdpZiIpIHx8IGhlYWRlcj0iU2V0LUNvb2tpZTogT0ZCaXouVmlzaXRvciIgfHwgYmFubmVyPSJTZXQtQ29va2llOiBPRkJpei5WaXNpdG9yIg%3D%3D) | +| **Number of assets affected** | 5912 | +| **Description** |Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. | +| **Impact** | Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. | + +![](https://s3.bmp.ovh/imgs/2023/12/28/f81ea49af8383f1b.gif) + + + + ## Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070)
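Review bot: In the added CVE-2023-51467 table, the FOFA Query row shows the link text app="Apache_OFBiz", but the qbase64 parameter it links to decodes to a longer cert/body/header/banner expression, so the displayed query and the one actually run differ. Either show the real query as the link text or link to the app= query, so that the "5912" asset count can be reproduced from what the reader sees. In the same table, "CVSS core" should be "CVSS score", "modules.Apache" in the Description row is missing a space after the period, and the Impact row repeats the last two sentences of the Description word for word. Impact could instead state only the consequence. The entry gives no affected or fixed version and no advisory link, which is what a reader triaging exposed OFBiz instances would look for first. The hunk also adds runs of three and four blank lines around the image where one would do, and the subject "Update GobyVuls-Document.md" does not say which entry was added.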