[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-50223":3,"news-by-cve-CVE-2026-50223-10":64},{"exploit_count":4,"description":5,"weaknesses":6,"attack_tactics":10,"has_attack_graph":13,"source_identifier":14,"assigner_org":9,"tags":15,"state":16,"cvss_source":17,"in_kev":18,"attack_technique_count":19,"has_nuclei_templates":18,"cvss_version":20,"cvss_vector":21,"cvss_severity":22,"has_exploit":18,"id":23,"date_published":24,"date_updated":25,"kev_ransomware_use":18,"affected_product_count":26,"reference_count":19,"sectors":27,"remediation_summary":29,"assigner_short_name":9,"nvd_cvss_vector":9,"vendor_context":30,"references_preview":38,"title":44,"cvss_score":45,"nvd_cvss_severity":9,"has_solution":18,"has_workaround":18,"nuclei_template_count":4,"affected_products_preview":46,"has_ai_summary":18,"attack_techniques":51,"sources":63},0,"Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution.\n\nThis issue affects Apache OFBiz: before 24.09.07.\n\nUsers are recommended to upgrade to version 24.09.07, which fixes the issue.",[7],{"cwe_id":8,"name":9},"CWE-94","",[11,12],"Execution","Initial Access",true,"f0158376-9dc2-43b6-827c-5f631a4d8d09",[],"PUBLISHED","cvelist",false,2,"3.1","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","HIGH","CVE-2026-50223","2026-06-10T22:23:49Z","2026-06-11T14:43:18Z",1,[28],"web-cms-plugins",{"has_patch":18,"has_workaround":18},[31],{"aliases":32,"sector":28,"subsector":34,"vendor":35,"vendor_type":36,"country":37},[33],"apache foundation","cms-core","apache software foundation","oss-project","US",[39,41],{"url":40,"source":17},"https://lists.apache.org/thread/trr2p4zokg54glqlhjnglt4yr7n8t5xd",{"url":42,"source":43},"http://www.openwall.com/lists/oss-security/2026/06/10/13","nvd","Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution",8.8,[47],{"vendor":48,"product":49,"sector":28,"subsector":34,"deployment":50},"Apache Software Foundation","Apache OFBiz","mixed",[52,58],{"technique_name":53,"tactic":54,"tactic_name":11,"url":55,"confidence":56,"technique_id":57},"Command and Scripting Interpreter","execution","https://attack.mitre.org/techniques/T1059/","high","T1059",{"technique_id":59,"technique_name":60,"tactic":61,"tactic_name":12,"url":62,"confidence":56},"T1190","Exploit Public-Facing Application","initial-access","https://attack.mitre.org/techniques/T1190/",[17,43],{"cve_id":23,"items":65,"total":4},[]]