High
Apache OFBiz could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the Image Management. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system.
Apache
Upgrade to the latest version of Apache OFBiz (17.12.08 or later), available from the Apache Web site.