GobyVuls/Apache_OFBiz_webtools\control\xmlrpc_Remote_Code_Execution_Vulnerability.md at master - GobyVuls - 临风笛

admin/GobyVuls

mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00

Goby 54afceef41

Create Apache_OFBiz_webtools\control\xmlrpc_Remote_Code_Execution_Vulnerability.md

2023-12-07 16:53:51 +08:00

1.5 KiB

Raw Permalink Blame History

Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070)

Vulnerability	Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070)
Chinese name	Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞（CVE-2023-49070）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="Apache_OFBiz"
Number of assets affected	5883
Description	Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.
Impact	Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.