Description
OFBiz allows an unauthenticated attacker to send arbitrary requests that perform lookups on the internal network, which is otherwise not reachable from outside. This behaviour can be abused for SSRF (Server-Side Request Forgery) attacks, potentially leading to Remote Code Execution (RCE) on the server.
Remediation
Upgrade to the latest version of OFBiz.
References
Apache OFBiz 18.12.16 released
[CVE-2024-45507] Add validation to screen/script URI to block URL patterns