CVE-2024-32113

CRITICAL · KEV · NUCLEI

Apache OFBiz <18.12.13 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2024-32113 is actively exploited and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 7, 2024. EIP tracks 7 public exploits from researchers including Abdualhadi khalifa, Mr-xn and RacerZ-fighting, among them the Metasploit module exploits/multi/http/apache_ofbiz_forgot_password_directory_traversal. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Apache OFBiz via XML-RPC endpoints, allowing arbitrary file read or command execution depending on the method used.

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Exploits (7)

exploitdb · WORKING POC
by Abdualhadi khalifa · text · webapps · java
https://www.exploit-db.com/exploits/52020

This exploit demonstrates a directory traversal vulnerability in Apache OFBiz via XML-RPC endpoints, allowing arbitrary file read or command execution depending on the method used.

Classification: Working PoC (90%)
Attack Type: Info Leak | RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache OFBiz <= 18.12.12
Authentication: none needed
Prerequisites: Network access to the target · XML-RPC endpoint exposed
Analyzed by devstral-2 on Feb 16, 2026
nomisec · WORKING POC · 27 stars
by Mr-xn · remote
https://github.com/Mr-xn/CVE-2024-32113

The repository contains a functional exploit for CVE-2024-32113, demonstrating a path traversal vulnerability in Apache OFBiz leading to remote code execution (RCE). The exploit leverages a crafted HTTP POST request to execute arbitrary commands via Groovy script injection.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache OFBiz < 18.12.14
Authentication: none needed
Prerequisites: Access to the target Apache OFBiz instance
Analyzed by devstral-2 on Feb 18, 2026
nomisec · WORKING POC · 8 stars
by RacerZ-fighting · poc
https://github.com/RacerZ-fighting/CVE-2024-32113-POC

The repository provides functional exploit code for CVE-2024-32113, demonstrating RCE and authentication bypass in Apache OFBiz via crafted HTTP requests to the `/webtools/control/ProgramExport` endpoint. The PoC includes multiple curl commands to exploit the vulnerability, including RCE via Groovy script execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache OFBiz
Authentication: none needed
Prerequisites: Access to the target Apache OFBiz instance · Network connectivity to the target
Analyzed by devstral-2 on Feb 18, 2026
nomisec · WORKING POC · 6 stars
by YongYe-Security · remote
https://github.com/YongYe-Security/CVE-2024-32113

The repository contains a functional exploit for CVE-2024-32113, targeting Apache OFBiz. The exploit leverages a path traversal and Groovy script injection vulnerability to achieve remote code execution (RCE) by sending a crafted POST request to the `/webtools/control/forgotPassword;/ProgramExport` endpoint.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache OFBiz
Authentication: none needed
Prerequisites: Target must be running a vulnerable version of Apache OFBiz · Network access to the target's web interface
Analyzed by devstral-2 on Feb 18, 2026
nomisec · WORKING POC
by luizgaf · remote
https://github.com/luizgaf/CVE-2024-32113-Exploit

This repository contains a functional exploit for CVE-2024-32113, a path traversal vulnerability in Apache OFBiz leading to RCE. The exploit uses a crafted Groovy payload to execute arbitrary commands via the `/webtools/control/forgotPassword;/ProgramExport` endpoint.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache OFBiz before 18.12.13
Authentication: none needed
Prerequisites: Network access to the target Apache OFBiz instance · Target must be running a vulnerable version (< 18.12.13)
Analyzed by devstral-2 on Feb 18, 2026
nomisec · WORKING POC
by guinea-offensive-security · remote
https://github.com/guinea-offensive-security/Ofbiz-RCE

This repository contains a functional Python exploit for CVE-2024-38856, targeting Apache OFBiz versions before 18.12.15. The exploit leverages incorrect authorization to achieve remote code execution via Groovy code injection through the `/webtools/control/forgotPassword/ProgramExport` endpoint.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache OFBiz < 18.12.15
Authentication: none needed
Prerequisites: Network access to the target OFBiz instance · Exposed `/webtools/control/forgotPassword/ProgramExport` endpoint
Analyzed by devstral-2 on Feb 18, 2026
metasploit · WORKING POC · EXCELLENT
by Mr-xn, jheysel-r7 · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_ofbiz_forgot_password_directory_traversal.rb

This Metasploit module exploits CVE-2024-38856 in Apache OFBiz by leveraging an incorrect authorization vulnerability in the /webtools/control/forgotPassword/ProgramExport endpoint to achieve remote code execution via Groovy script injection.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Apache OFBiz < 18.12.15
Authentication: none needed
Prerequisites: Network access to the target's web interface · Target running a vulnerable version of Apache OFBiz
Analyzed by devstral-2 on Feb 16, 2026

Nuclei Templates (1)

Apache OFBiz Directory Traversal - Remote Code Execution
HIGH · VERIFIED · by DhiyaneshDK
Shodan: title:"OFBiz"
FOFA: app="Apache_OFBiz"

Scores

CVSS v3: 9.8
EPSS: 0.9396
EPSS Percentile: 99.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: active
Automatable: yes
Technical Impact: total

Details

CISA KEV: 2024-08-07
VulnCheck KEV: 2024-06-14
InTheWild.io: 2024-08-07
ENISA EUVD: EUVD-2024-29935
CWE: CWE-22
Status: published
Products (1): apache/ofbiz < 18.12.13
Published: May 08, 2024
KEV Added: Aug 07, 2024
Tracked Since: Feb 18, 2026