## Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070)

| **Vulnerability** | Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070) |
| :----: | :-----|
| **Chinese name** | Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞(CVE-2023-49070) |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | [app="Apache_OFBiz"](https://en.fofa.info/result?qbase64=Y2VydD0iT3JnYW5pemF0aW9uYWwgVW5pdDogQXBhY2hlIE9GQml6IiB8fCAoYm9keT0id3d3Lm9mYml6Lm9yZyIgJiYgYm9keT0iL2ltYWdlcy9vZmJpel9wb3dlcmVkLmdpZiIpIHx8IGhlYWRlcj0iU2V0LUNvb2tpZTogT0ZCaXouVmlzaXRvciIgfHwgYmFubmVyPSJTZXQtQ29va2llOiBPRkJpei5WaXNpdG9yIg%3D%3D) |
| **Number of assets affected** | 5883 |
| **Description** | Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules. Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. |
| **Impact** | Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server. |

![](https://s3.bmp.ovh/imgs/2023/12/07/a73e0ef58369cbd8.gif)