Tracked as CVE-2024-45195 and discovered by Rapid7 security researchers, this remote code execution flaw is caused by a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks.
Apache fixes critical OFBiz remote code execution vulnerability
Submitted 2 months ago by IllNess@infosec.pub to securitynews@infosec.pub