The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.0229
Percentile: 0.84025

CVSS Scoring

Affected Products

• cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

← Back to Home