CVE-2024-36104

CRITICAL EXPLOITED NUCLEI

Apache OFBiz <18.12.14 - Path Traversal

Title source: llm

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Exploits (2)

github WORKING POC 27 stars

by Mr-xn · poc

https://github.com/Mr-xn/CVE-2024-32113

View Code ZIP pw:eip

nomisec SUSPICIOUS 2 stars

by ggfzx · poc

https://github.com/ggfzx/CVE-2024-36104

View Code ZIP pw:eip

Nuclei Templates (1)

Apache OFBiz - Directory Traversal & Remote Code Execution

CRITICALVERIFIEDby Co5mos

Shodan: http.title:"ofbiz" || http.html:"apache ofbiz" || http.html:"ofbiz" || ofbiz.visitor=

FOFA: app="apache_ofbiz" || body="apache ofbiz" || title="ofbiz"

References (5)

[Mailing List] http://www.openwall.com/lists/oss-security/2024/06/03/1

[Issue Tracking] https://issues.apache.org/jira/browse/OFBIZ-13092

[Mailing List, Release Notes] https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o

[Product] https://ofbiz.apache.org/download.html

[Vendor Advisory] https://ofbiz.apache.org/security.html

Scores

CVSS v3 9.1

EPSS 0.9356

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitation Intel

VulnCheck KEV 2024-08-19

Classification

CWE

CWE-22

Status published

Affected Products (1)

apache/ofbiz < 18.12.14

Timeline

Published Jun 04, 2024

Tracked Since Feb 18, 2026