漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz
Vulnerability Description
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.
CVSS Information
N/A
Vulnerability Type
CWE-1336
Vulnerability Title
Apache OFBiz 代码注入漏洞
Vulnerability Description
Apache OFBiz是美国阿帕奇(Apache)基金会的一套企业资源计划(ERP)系统。该系统提供了一整套基于Java的Web应用程序组件和工具。 Apache OFBiz 18.12.05及之前版本存在安全漏洞,攻击者利用该漏洞可以在“Contact us”页面“Subject”字段中插入恶意内容,然后可以进行 RCE。
CVSS Information
N/A
Vulnerability Type
N/A