Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: prior to 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Severity: important
Affected versions:
- Apache OFBiz before 18.12.13
Description:
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Credit:
Qiyi Zhang (Rac ...
Apache-OFBiz-Directory-Traversal-exploit
Introduction
The CVE-2024-32113 vulnerability allows for arbitrary code execution on an Apache OFBiz server through a specially crafted HTTP request.
In this request, the attacker uses the parameter //////etc/passwd to point to the etc/passwd file on the Apache OFBiz server.
When the Apache OFBiz server processes this req
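
The containment check that the weakness class above ("Improper Limitation of a Pathname to a Restricted Directory") says is missing, shown next to the unchecked join. This is an added example in Python, not code from Apache OFBiz, its fix, or the repository described above. The function names, the base directory and the sample paths are constructed for illustration; `//////etc/passwd` is the parameter value as it appears on this page.

```python
import os


class PathEscape(ValueError):
    """The requested path resolves outside the permitted base directory."""


def naive_resolve(base_dir, requested):
    # Weak form: joining without a containment check. An absolute `requested`
    # replaces base_dir entirely, and "../" segments climb out of it.
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_inside(base_dir, requested):
    """Return the canonical path for `requested` if it stays under `base_dir`."""
    if "\x00" in requested:
        raise PathEscape("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses "..", repeated slashes and symlinks before the check,
    # so the comparison is made on the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscape(f"{requested!r} resolves outside {base_dir!r}")
    return candidate


def demo():
    base = "/srv/app/files"  # constructed base directory; it need not exist
    samples = ["reports/q1.txt", "//////etc/passwd",
               "../../../etc/passwd", "a/../b.txt"]
    results = {}
    for s in samples:
        try:
            results[s] = resolve_inside(base, s)
        except PathEscape:
            results[s] = None  # rejected: resolves outside the base directory
    return results


if __name__ == "__main__":
    for requested, resolved in demo().items():
        print(f"{requested!r:28} -> {resolved or 'REJECTED'}")
```

The check belongs after the framework has URL-decoded the parameter, on the same string that is later passed to the file API.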