admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 18:27:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create Apache OFbiz ProgramExport Command Execution Vulnerability(CVE-2024-38856).md

Browse Source
This commit is contained in:
Goby 2024-08-06 19:11:23 +08:00 committed by GitHub
parent 66d780b5ad
commit fb81d0502e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Apache OFbiz ProgramExport Command Execution Vulnerability(CVE-2024-38856).md Normal file
View File

@ -0,0 +1,12 @@
**Updated document date: August 6, 2024**
## Apache OFbiz /ProgramExport Command Execution Vulnerability(CVE-2024-38856)
| **Vulnerability** | Apache OFbiz /ProgramExport Command Execution Vulnerability(CVE-2024-38856)|
| :----: | :-----|
| **Chinese name** | Apache OFbiz /ProgramExport 命令执行漏洞CVE-2024-38856 |
| **CVSS core** | 9.30 |
| **FOFA Query** (click to view the results directly)| [ app=“Apache_OFBiz”](https://fofa.info/result?qbase64=YXBwPSJBcGFjaGVfT0ZCaXoi)|
| **Number of assets affected** | 2,728 |
| **Description** |Apache OFBiz is an e-commerce platform used to build multi-layer and distributed e-commerce application systems at the enterprise level, cross-platform, cross-database, and cross-application servers. |
| **Impact** | Apache OFBiz has a logical flaw in handling the rendering of the view view, and an attacker can execute arbitrary code by constructing a special URL to override the final rendered view.
| **Affected versions** |Apache OFBiz <= 18.12.14