Description
Account lockout in Liferay Portal 7.2.0 through 7.3.0 (and older unsupported versions) and in Liferay DXP 7.2 before fix pack 5 (and older unsupported versions) does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
Remediation
References