From e32b0b4725b666f73f4822142de50c289bc1663c Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Thu, 28 Dec 2023 15:49:46 +0800 Subject: [PATCH] Create Apache_OFBiz_webtools_control_ProgramExport_remote_code_execution_vulnerability.md --- ...gramExport_remote_code_execution_vulnerability.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 Apache_OFBiz_webtools_control_ProgramExport_remote_code_execution_vulnerability.md diff --git a/Apache_OFBiz_webtools_control_ProgramExport_remote_code_execution_vulnerability.md b/Apache_OFBiz_webtools_control_ProgramExport_remote_code_execution_vulnerability.md new file mode 100644 index 0000000..128c15f --- /dev/null +++ b/Apache_OFBiz_webtools_control_ProgramExport_remote_code_execution_vulnerability.md @@ -0,0 +1,12 @@ +## Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467) + +| **Vulnerability** | **Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467)** | +| :----: | :-----| +| **Chinese name** | Apache OFBiz webtools/control/ProgramExport 远程代码执行漏洞(CVE-2023-51467) | +| **CVSS core** | 9.8 | +| **FOFA Query** (click to view the results directly)| [app="Apache_OFBiz"](https://en.fofa.info/result?qbase64=Y2VydD0iT3JnYW5pemF0aW9uYWwgVW5pdDogQXBhY2hlIE9GQml6IiB8fCAoYm9keT0id3d3Lm9mYml6Lm9yZyIgJiYgYm9keT0iL2ltYWdlcy9vZmJpel9wb3dlcmVkLmdpZiIpIHx8IGhlYWRlcj0iU2V0LUNvb2tpZTogT0ZCaXouVmlzaXRvciIgfHwgYmFubmVyPSJTZXQtQ29va2llOiBPRkJpei5WaXNpdG9yIg%3D%3D) | +| **Number of assets affected** | 5912 | +| **Description** |Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. | +| **Impact** | Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. | + +![](https://s3.bmp.ovh/imgs/2023/12/28/f81ea49af8383f1b.gif)