Share
## https://sploitus.com/exploit?id=EF541C52-88A1-5939-A50C-6261EB96EEFF
# CVE-2024-38856-ApacheOfBiz

**Apache OFBiz** is an open source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.

**CVE-2024-38856** is a pre-authentication flaw in Apache OFBiz that can lead to remote code execution.

**Affected Versions**: Versions before 18.12.15

**Usage example:** python3 scanner.py https://localhost:8443/
			             python3 exploit.py https://localhost:8443/ <ReverseShellPayload>

**Disclaimer:** This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited. I am not responsible for any misuse or damage caused by this script.

**References:** https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/
			          https://threatprotect.qualys.com/2024/08/06/apache-ofbiz-remote-code-execution-vulnerability-cve-2024-38856/