Exploit for Apache OFBiz < 18.12.11 - Remote Code Execution (CVE-2023-51467)

Description:

The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF).

Nuclei Template

View the template here: CVE-2023-51467.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-51467.yaml

References:

https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv
https://twitter.com/_0xf4n9x_/status/1740202435367543183
https://nvd.nist.gov/vuln/detail/CVE-2023-51467
https://www.openwall.com/lists/oss-security/2023/12/26/3
https://issues.apache.org/jira/browse/OFBIZ-12873