  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-11948

Remote Code Execution (File Upload) Vulnerability


    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 18.12.01, Trunk, 17.12.04
    • Fix Version/s: 18.12.01, 17.12.05
    • Component/s: product/catalog
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      Harshit Shukla harshit.shukz@gmail.com reported this RCE vulnerability to the OFBiz security team, and we thank him for that.

      I'll later quote his email message here once the vulnerability is fixed. It's a post-auth vulnerability so we did not ask for a CVE.

              People

              • Assignee:
                jleroux Jacques Le Roux
                Reporter:
                jleroux Jacques Le Roux