Description
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Customers Manager Unspecified Vulnerability (26.6)
Oracle JRE CVE-2013-2443 Vulnerability (CVE-2013-2443)
MySQL CVE-2019-2730 Vulnerability (CVE-2019-2730)
WordPress Plugin OPS Old Post Spinner 'ops_file' Parameter Local File Include (2.2.1)
WordPress Plugin Post to Twitter Cross-Site Request Forgery (0.7)