API Security Blog

Apache OFBiz Remote Code Execution

Apache OFBiz versions before 18.12.10 suffer from an authentication bypass vulnerability and a deserialization vulnerability on the /webtools/control/xmlrpc endpoint. By crafting a malicious serialized Java object, a remote, unauthenticated attacker could achieve remote code execution on the target…
