Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever.

Remediation

References

CVE-2020-28885

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2002-0869)

WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Multiple Cross-Site Request Forgery Vulnerabilities (6.24.1)

WordPress Plugin Bongolive SMS Cross-Site Scripting (1.0.5)

SharePoint Improper Input Validation Vulnerability (CVE-2019-0957)

phpMyAdmin Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-6621)

Severity

High

Classification

CVE-2020-28885 CWE-138

Tags

Missing Update Known Vulnerabilities