CVE-2024-32113

CVE Database · CVE-2024-32113

CVE-2024-32113

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.44%

Published

May 8, 2024

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2024-08-07 · Due: 2024-08-28

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (8)

All weaponized →

Exploit-DBApache OFBiz 18.12.12 - Directory Traversal NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCMr-xn/CVE-2024-32113★27 GitHub PoCRacerZ-fighting/CVE-2024-32113-POC★8 GitHub PoCYongYe-Security/CVE-2024-32113★6 GitHub PoCguinea-offensive-security/Ofbiz-RCE★0 GitHub PoCluizgaf/CVE-2024-32113-Exploit★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-22

Affected Products (1)

apache · ofbiz (up to 18.12.13)vulnerable

References (11)

http://www.openwall.com/lists/oss-security/2024/05/09/1

Mailing List

https://issues.apache.org/jira/browse/OFBIZ-13006

Vendor Advisory

https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd

Mailing List

https://ofbiz.apache.org/download.html

Product

https://ofbiz.apache.org/security.html

Patch

http://www.openwall.com/lists/oss-security/2024/05/09/1

Mailing List

https://issues.apache.org/jira/browse/OFBIZ-13006

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs