Primary

Context

Apache OFBiz Path Traversal Vulnerability Allowing Low-Privilege Local File Inclusion

Vulnerability

Patched

A path traversal vulnerability has been identified in Apache OFBiz versions prior to 24.09.06. This issue allows for improper limitation of a pathname, potentially leading to unauthorized access to restricted directories. Users are advised to upgrade to version 24.09.06, which addresses this vulnerability.

Impact

Exploitation of this vulnerability could lead to local file inclusion, allowing attackers to read sensitive files on the server.

Remediation

Users should upgrade to Apache OFBiz version 24.09.06 or later.

Added: May 19, 2026, 10:32 AM

Updated: May 19, 2026, 10:32 AM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.2

exploitability

5.2

remediation

3.1

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.2

exploitability

5.2

remediation

3.1

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache OFBiz Path Traversal Vulnerability Allowing Low-Privilege Local File Inclusion

Vulnerability

Impact

Remediation

Affected Products

Apache OFBiz

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating