admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2024-08-06 18:56:52 +08:00 committed by GitHub
parent a81dbba2c2
commit fe1e4aae05
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
GobyVuls-Document.md
View File

@ -4,6 +4,18 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
**Updated document date: July 17, 2024** **Updated document date: July 17, 2024**
## ##
| **Vulnerability** | Apache OFbiz /ProgramExport Command Execution Vulnerability(CVE-2024-38856)|
| :----: | :-----|
| **Chinese name** | Apache OFbiz /ProgramExport 命令执行漏洞CVE-2024-38856 |
| **CVSS core** | 9.30 |
| **FOFA Query** (click to view the results directly)| [ app=“Apache_OFBiz”](https://fofa.info/result?qbase64=YXBwPSJBcGFjaGVfT0ZCaXoi)|
| **Number of assets affected** | 2,728 |
| **Description** |Apache OFBiz is an e-commerce platform used to build multi-layer and distributed e-commerce application systems at the enterprise level, cross-platform, cross-database, and cross-application servers. |
| **Impact** | Apache OFBiz has a logical flaw in handling the rendering of the view view, and an attacker can execute arbitrary code by constructing a special URL to override the final rendered view.
| **Affected versions** |Apache OFBiz <= 18.12.14
| **Vulnerability** | ServiceNowUI /login.do Input Validation VulnerabilityCVE-2024-4879| | **Vulnerability** | ServiceNowUI /login.do Input Validation VulnerabilityCVE-2024-4879|
| :----: | :-----| | :----: | :-----|