Description
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
Remediation
References
Related Vulnerabilities
Seo Panel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-22643)
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Multiple Vulnerabilities (4.9.3)
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.5)
WordPress Plugin WordPress Books Gallery Unspecified Vulnerability (4.4.1)
MongoDb Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-20803)