GobyVuls/Apache OFbiz ProgramExport Command Execution Vulnerability(CVE-2024-38856).md

Updated document date: August 6, 2024

Apache OFBiz /ProgramExport Command Execution Vulnerability (CVE-2024-38856)

| **Vulnerability** | **Apache OFBiz /ProgramExport Command Execution Vulnerability (CVE-2024-38856)** |
| :---- | :---- |
| **Chinese name** | Apache OFbiz /ProgramExport 命令执行漏洞CVE-2024-38856 |
| **CVSS score** | 9.30 |
| **FOFA Query** | `app="Apache_OFBiz"` |
| **Number of assets affected** | 2,728 |
| **Description** | Apache OFBiz is an e-commerce platform used to build enterprise-level, multi-layer, distributed e-commerce application systems that are cross-platform, cross-database, and cross-application-server. |
| **Impact** | Apache OFBiz has a logic flaw in how it handles view rendering: by constructing a special URL, an attacker can override the view that is finally rendered and execute arbitrary code. |
| **Affected versions** | Apache OFBiz <= 18.12.14 |
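
For triage, the following added example (not part of the original advisory or of OFBiz) checks a version string against the affected range and scans web access logs for requests that reach the `ProgramExport` view named above. The combined log layout, the function names, and the sample log lines with their `/example/...` paths are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

AFFECTED_MAX = (18, 12, 14)   # advisory: Apache OFBiz <= 18.12.14
ENDPOINT = "programexport"    # view named in the advisory title

# Common/combined access-log layout (assumed; adapt to your proxy's format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_affected(version):
    """True if a dotted version string falls inside the advisory's range."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))          # "18.12" -> (18, 12, 0)
    return parts <= AFFECTED_MAX

def touches_endpoint(target):
    """True if any path segment of the request target is ProgramExport."""
    path = urlsplit(target).path
    for _ in range(3):                        # peel nested percent-encoding
        path = unquote(path)
    # Split on segment, path-parameter and query delimiters, so that
    # ';jsessionid=...' suffixes do not hide the segment name.
    return any(tok.lower() == ENDPOINT for tok in re.split(r"[/;?&]", path))

def find_hits(lines):
    """Return parsed log records whose request reaches the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and touches_endpoint(m.group("target")):
            hits.append(m.groupdict())
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Aug/2024:10:01:22 +0000] "POST /example/control/ProgramExport HTTP/1.1" 200 512',
    '198.51.100.4 - - [06/Aug/2024:10:02:10 +0000] "GET /example/control/main HTTP/1.1" 200 2048',
    '203.0.113.9 - - [06/Aug/2024:10:03:45 +0000] "GET /example/control/%50rogramExport;jsessionid=abc?x=1 HTTP/1.1" 302 0',
    '198.51.100.4 - - [06/Aug/2024:10:04:00 +0000] "GET /example/docs/ProgramExportHelp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["method"], hit["status"], hit["target"])
```

Hits on a host where `is_affected` is true are the ones to review first, together with the response status and any process activity from the application server around the same timestamp.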