This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createRegister method. The issue results from outputting an error message that includes sensitive information. An attacker can leverage this vulnerability to disclose the names of internal paths used by the system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache ofbiz |