Vulnerability identifier: #VU84796

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-51467

CWE-ID: CWE-918

Exploitation vector: Network

Exploits in database: 8

• January 18, 2024
  • Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467 (This exploit scans whether the provided target is vulnerable to CVE-2023-49070/CVE-2023-51467 and also exploits it depending on the choice of the user.) [Github]
• January 15, 2024
  • cve-2023-51467 (A go-exploit for Apache OFBiz CVE-2023-51467) [Github]
• January 9, 2024
  • Exploit-CVE-2023-49070-and-CVE-2023-51467-Apache-OFBiz (Authentication Bypass Vulnerability Apache OFBiz < 18.12.10.) [Github]
• January 7, 2024
  • Exploit_CVE-2023-51467 () [Github]
  • CVE-2023-51467 (CVE-2023-51467 POC) [Github]
• January 2, 2024
  • CVE-2023-51467-EXPLOIT (A PoC exploit for CVE-2023-51467 - Apache OFBiz Authentication Bypass) [Github]
  • Apache-OFBiz-Authentication-Bypass (This repo is a PoC with to exploit CVE-2023-51467 and CVE-2023-49070 preauth RCE vulnerabilities found in Apache OFBiz.) [Github]
  • CVE-2023-51467 (Apache OfBiz Auth Bypass Scanner for CVE-2023-51467) [Github]

Impact: Code execution

Vulnerable software:
OFBiz
Other software / Other software solutions

Vendor: Apache Foundation