Back to directory

WRITEUP #26

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

RCEForced browsingBroken authorization

byRyan Emmons

Program

Apache OFBiz

Published

Sep 5, 2024

Added to HackDex

Sep 24, 2024

Read Full Writeuphttps://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/

▸ RELATED WRITEUPS

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Built with ❤️ by Shubham Rawat