GobyVuls/CVE-2023-32315.md

Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)

Vulnerability	Ignite Realtime Openfire Permission Bypass Vulnerability (CVE-2023-32315)
Chinese name	Ignite Realtime Openfire 权限绕过漏洞（CVE-2023-32315）
CVSS core	7.5
FOFA Query (click to view the results directly)	(body="background: transparent url(images/login_logo.gif) no-repeat" && body="Openfire") || (body="class="row justify-content-center"" && body="<title>Openfire 管理界面</title>") || title="Openfire Admin Console" || title="Openfire HTTP Binding Service" || (body="align="right" id="jive-loginVersion" && body="Openfire") || title="Открытый огонь Консоль Администрации" || title=="Openfire 管理界面"
Number of assets affected	49936
Description	Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States. There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function.
Impact	There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function.