Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.

N/A

对路径名的限制不恰当(路径遍历)

Apache OFBiz 路径遍历漏洞

Apache OFBiz是美国阿帕奇（Apache）基金会的一套企业资源计划（ERP）系统。该系统提供了一整套基于Java的Web应用程序组件和工具。 Apache OFBiz 18.12.05及之前版本存在路径遍历漏洞，该漏洞源于Birt存在错误，攻击者利用该漏洞可以执行远程代码执行。

N/A

N/A