CVE-2024-45195 PoC — Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Source

https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Apache%20OFBiz%20%E8%BA%AB%E4%BB%BD%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%20CVE-2024-45195.md

Associated Vulnerability

Title:Apache OFBiz: Confused controller-view authorization logic (forced browsing) (CVE-2024-45195)
Description:Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

File Snapshot


 # Apache OFBiz 身份验证绕过导致远程代码执行 CVE-2024-45195

## 漏洞描述

Apache OFBiz 是一个开源企业资源规划（ERP）系统。它提供了一套企业应用程序，

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →