Description
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever.
Remediation
References
Related Vulnerabilities
Ruby Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16255)
WordPress Plugin Simple Download Monitor Multiple Cross-Site Scripting Vulnerabilities (3.9.4)
WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Request Forgery (4.7.5)
Oracle Database Server CVE-2015-4925 Vulnerability (CVE-2015-4925)