Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Not A Problem
    • Trunk
    • None
    • content
    • None
    • Bug Crush Event - 21/2/2015

    Description

      This post-auth security issue was reported to the security team by weinull orz <weinull@outlook.com>

      Hi, I found an arbitrary file read vulnerability in OFBiz. Through this vulnerability, you can read system sensitive files and application configuration files (including database account passwords and other configurations).

      URL:
      content/control/updateLayoutSubContent
      Content -> Template -> Create New

      OFBiz version: 17.12.08

      Vulnerability Repair:
      Strictly restrict accessible files.

      Orz Team of weinull

      Attachments

        1. 截屏2021-08-14 03.31.07.png
          281 kB
          Jacques Le Roux

          People

            jleroux Jacques Le Roux
            jleroux Jacques Le Roux