How severe is CVE-2022-25813?

CVE-2022-25813 has a CVSS v3 score of 7.5 (HIGH).

CVE-2022-25813

Name: ofbiz
Author: apache

7.5HIGH

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page.

게시됨: 9/2/2022업데이트됨: 11/21/2024

설명

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.

AI 분석AI 기반

영향받는 제품

apacheofbiz

참조

http://www.openwall.com/lists/oss-security/2022/09/02/4
Mailing ListPatchThird Party Advisory
https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b
Mailing ListPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2022/09/02/4
Mailing ListPatchThird Party Advisory
https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b
Mailing ListPatchVendor Advisory