CVE-2024-32113
Apache OFBiz: Path traversal leading to RCE
In short
Apache OFBiz has a path traversal vulnerability that allows attackers to access files outside the intended directory and execute arbitrary code on the server. This is a critical flaw that affects all versions before 18.12.13.
Technical detail
A path traversal vulnerability in Apache OFBiz (CWE-22) permits unauthenticated attackers to escape directory restrictions and achieve remote code execution (RCE) by manipulating file path inputs. The vulnerability impacts all versions prior to 18.12.13; remediation requires immediate upgrade to patched version.
Summary generated and translated by AI from the official description.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
Apache Software Foundation · Apache OFBizpublic PoCs found — 6
githubgithub.com/Mr-xn/CVE-2024-32113★ 27githubgithub.com/RacerZ-fighting/CVE-2024-32113-POC★ 8githubgithub.com/YongYe-Security/CVE-2024-32113★ 6githubgithub.com/guinea-offensive-security/Ofbiz-RCE★ 0githubgithub.com/luizgaf/CVE-2024-32113-Exploit★ 0exploitdbwww.exploit-db.com/exploits/52020unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://issues.apache.org/jira/browse/OFBIZ-13006https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrdhttps://ofbiz.apache.org/download.htmlhttps://ofbiz.apache.org/security.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-32113http://www.openwall.com/lists/oss-security/2024/05/09/1