Exploit for Apache OFBiz < 18.12.13 - Unauthenticated Remote Code Execution (CVE-2024-32113)

Description:

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here: CVE-2024-32113.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-32113.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-32113
https://issues.apache.org/jira/browse/OFBIZ-13006
https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit