## https://sploitus.com/exploit?id=EF541C52-88A1-5939-A50C-6261EB96EEFF
# CVE-2024-38856-ApacheOfBiz
**Apache OFBiz** is an open source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
**CVE-2024-38856** is a pre-authentication flaw in Apache OFBiz that can lead to remote code execution.
**Affected Versions**: Versions before 18.12.15
**Usage example:** python3 scanner.py https://localhost:8443/
python3 exploit.py https://localhost:8443/ <ReverseShellPayload>
**Disclaimer:** This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited. I am not responsible for any misuse or damage caused by this script.
**References:** https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/
https://threatprotect.qualys.com/2024/08/06/apache-ofbiz-remote-code-execution-vulnerability-cve-2024-38856/