Description
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Apache Software Foundation / Apache OFBiz18.12.06 – 18.12.07
Exploits & PoCs
- nucleiApache OFBiz < 18.12.07 - Local File Inclusionby your3cho
References
- MAILING_LISThttps://lists.apache.org/thread/k8s76l0whydy45bfm4b69vq0mf94p3wc
- MISChttps://ofbiz.apache.org/download.html
- MISChttps://ofbiz.apache.org/security.html
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2023/04/18/5
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2023/04/18/9
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2023/04/19/1
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2023/04/19/6