Description
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever.
Remediation
References
Related Vulnerabilities
WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)
WordPress Multiple Vulnerabilities (0.70 - 3.6.1)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32028)