CVE-2023-49070
Description
Pre-auth RCE in Apache OFBiz 18.12.09.
The cause is the XML-RPC component, which is no longer maintained but is still present. This issue affects Apache OFBiz before 18.12.10. Users are recommended to upgrade to version 18.12.10.
Severity: CRITICAL
CVE ID: CVE-2023-49070
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-49070
Reference: Project Discovery GitHub
abdoghazy2015
Reference: GitHub
0xrobiul
Exploit Of Pre-auth RCE in Apache OFBiz!!
Reference: GitHub
D0g3-8Bit
A Tool For CVE-2023-49070/CVE-2023-51467 Attack
Reference: GitHub
UserConnecting
Authentication Bypass Vulnerability Apache OFBiz < 18.12.10.
Reference: GitHub
yukselberkay
CVE-2023-49070 exploit and CVE-2023-49070 & CVE-2023-51467 vulnerability scanner
Reference: GitHub
Praison001
This exploit scans whether the provided target is vulnerable to CVE-2023-49070/CVE-2023-51467 and also exploits it depending on the choice of the user.
Reference: GitHub
Content on GitHub
jakabakos | watchers:60
Apache-OFBiz-Authentication-Bypass
This repo is a PoC to exploit the CVE-2023-51467 and CVE-2023-49070 preauth RCE vulnerabilities found in Apache OFBiz.
Reference: GitHub