PRP: Request Apache Ofbiz Authentication Bypass Leads to RCE (CVE-2023-51467) #388

@W0ngL1

Hi there.

I would like to start implementing a plugin to detect Apache Ofbiz Authentication Bypass Leads to RCE (CVE-2023-51467). This vulnerability was published on 26/Dec/2023.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-51467
https://issues.apache.org/jira/browse/OFBIZ-12873

Description:
Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
This vulnerability occurs as a result of an incomplete fix for CVE-2023-49070. In Apache OFBiz version 18.12.10, the developers removed the XMLRPC to fix the previous RCE issue, but the authentication bypass still exists. The researcher from Chaitin Tech found another attack approach to perform the pre-auth RCE using Groovy expression injection.

Versions:
Apache OFBiz <= 22.01.01
Apache OFBiz <= 18.12.10

Thanks.

Labels: Contributor main, PRP:Accepted