Description
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.1.4)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0931)
Oracle JRE CVE-2024-21138 Vulnerability (CVE-2024-21138)
WordPress Plugin Customer Service Software & Support Ticket System Cross-Site Scripting (5.10.3)
WordPress Plugin Infusionsoft Gravity Forms Add-on Arbitrary File Upload (1.5.10)