CVE-2019-0235

HIGH

Apache OFBiz 17.12.01 - Cross-Site Request Forgery


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-0235. PoCs published by Faiz Ahmed Zaidi.

AI-analyzed exploit summary

This exploit demonstrates a CSRF vulnerability in Apache OFBiz versions before 17.12.03, allowing an attacker to change the admin's email address via a crafted HTML form. The attacker can then reset the password to take over the account.

Description

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

Exploits (1)

exploitdb · WORKING POC
by Faiz Ahmed Zaidi · text · webapps · java
https://www.exploit-db.com/exploits/48408


Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache OFBiz < 17.12.03
Authentication required: None
Prerequisites: Victim must visit the malicious HTML page · Target must be logged into OFBiz as admin
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.3275
EPSS Percentile: 98.1%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): apache/ofbiz 17.12.01
Published: Apr 30, 2020
Tracked Since: Feb 18, 2026