Description
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 and then attackers can run scripts in the Gogo shell
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2004-0205)
MySQL CVE-2022-21358 Vulnerability (CVE-2022-21358)
WordPress Plugin Drag & Drop File Uploader 'dnd-upload.php' Arbitrary File Upload (0.1)
WordPress 4.1.x Same Origin Method Execution (SOME) Vulnerability (4.1 - 4.1.10)
WordPress Plugin Gigya-Social Infrastructure Unspecified Vulnerability (3.0.4)