
CVE-2023-49070

Description

Pre-auth RCE in Apache OFBiz 18.12.09.

It is due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-49070
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-49070
abdoghazy2015

Reference: GitHub

0xrobiul

Exploit Of Pre-auth RCE in Apache Ofbiz!!

Reference: GitHub

D0g3-8Bit

A Tool For CVE-2023-49070/CVE-2023-51467 Attack

Reference: GitHub

UserConnecting

Authentication Bypass Vulnerability Apache OFBiz < 18.12.10.

Reference: GitHub

yukselberkay

CVE-2023-49070 exploit and CVE-2023-49070 & CVE-2023-51467 vulnerability scanner

Reference: GitHub

Praison001

This exploit scans whether the provided target is vulnerable to CVE-2023-49070/CVE-2023-51467 and also exploits it depending on the choice of the user.

Reference: GitHub

Content on GitHub

jakabakos | watchers:60

Apache-OFBiz-Authentication-Bypass
This repo is a PoC to exploit CVE-2023-51467 and CVE-2023-49070 preauth RCE vulnerabilities found in Apache OFBiz.

Reference: GitHub