Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: prior to 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
oss-sec mailing list archives
CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE
From: Jacqu ...
Apache-OFBiz-Directory-Traversal-exploit
Introduction
The CVE-2024-32113 vulnerability allows arbitrary code execution on an Apache OFBiz server by sending a specially crafted HTTP request.
In this request, the attacker uses the parameter //////etc/passwd to point to the /etc/passwd file on the Apache OFBiz server.
When the Apache OFBiz server processes this req
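As an added detection example (not part of the original advisory or of the exploit repository), the following Python scans web-server access-log lines for the repeated-slash pattern described above: a run of slashes that, once percent-decoded and collapsed, names a sensitive file, or a dot-dot segment. The log lines, request paths and the SENSITIVE list are constructed assumptions for the demonstration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines; not taken from the original page
# or from any real OFBiz deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2024:10:00:01 +0000] "GET /webtools/control/main HTTP/1.1" 200 512
10.0.0.9 - - [01/May/2024:10:00:02 +0000] "GET /webtools/control/view/%2f%2f%2f%2f%2f%2fetc%2fpasswd HTTP/1.1" 200 1024
10.0.0.9 - - [01/May/2024:10:00:03 +0000] "GET /webtools/control/view//////etc/passwd HTTP/1.1" 200 1024
10.0.0.7 - - [01/May/2024:10:00:04 +0000] "GET /images/logo.png HTTP/1.1" 200 4096
"""

REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumed list of path fragments worth flagging once the target is normalised.
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/proc/self")

def normalise_target(target: str) -> str:
    """Percent-decode twice (covers double encoding) and collapse slash runs."""
    decoded = unquote(unquote(target))
    return re.sub(r"/{2,}", "/", decoded)

def is_traversal(target: str) -> bool:
    """True when the target carries a slash run that collapses onto a sensitive
    file, or contains a dot-dot path segment."""
    decoded = unquote(unquote(target))
    has_slash_run = re.search(r"/{2,}", decoded) is not None
    collapsed = normalise_target(target)
    names_sensitive = any(s in collapsed for s in SENSITIVE)
    has_dotdot = "/../" in collapsed or collapsed.endswith("/..")
    return has_dotdot or (has_slash_run and names_sensitive)

def find_traversal(log_text: str) -> list:
    """Return (client_ip, method, raw_target) for each suspicious log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if m and is_traversal(m.group("target")):
            hits.append((line.split()[0], m.group("method"), m.group("target")))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print("suspicious request:", hit)
```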