Apache OFBiz Server-Side Template Injection Vulnerability in E-commerce Plugin

Vulnerability

A server-side template injection vulnerability has been identified in Apache OFBiz, affecting versions from 18.12.17 before 18.12.18. This issue, a regression between those two releases, arises from improper neutralization of special elements passed to the Freemarker template engine. As a result, it could potentially lead to remote code execution.

Impact

Exploitation of this vulnerability could allow for server-side template injection, with the possibility of remote code execution, particularly in the e-commerce plugin.

Remediation

Users are advised to upgrade to Apache OFBiz version 18.12.18, which addresses this vulnerability. Instructions for downloading the latest version can be found on the Apache OFBiz website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 10.0
exploitability: 8.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.