Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever.

Remediation

References

CVE-2020-28884

Related Vulnerabilities

WordPress Plugin Profile Extra Fields by BestWebSoft Cross-Site Scripting (1.0.7)

SharePoint CVE-2023-36890 Vulnerability (CVE-2023-36890)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-1623)

WordPress Plugin Easy Preloader Cross-Site Scripting (1.0.0)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)

Severity

High

Classification

CVE-2020-28884 CWE-138

Tags

Missing Update Known Vulnerabilities