Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever.

Remediation

References

CVE-2020-28884

Related Vulnerabilities

WordPress Plugin Caldera Forms-More Than Contact Forms Information Disclosure (1.3.5.2)

MySQL CVE-2020-2923 Vulnerability (CVE-2020-2923)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4757)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4782)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-42029)

Severity

High

Classification

CVE-2020-28884 CWE-138

Tags

Missing Update Known Vulnerabilities