Description
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wordspew 'id' Parameter SQL Injection (1.16)
PostgreSQL CVE-2023-39418 Vulnerability (CVE-2023-39418)
WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.1)
Jenkins Incorrect Authorization Vulnerability (CVE-2022-34175)
WordPress Plugin Shariff Wrapper Local File Inclusion (4.6.13)