Description
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2023-39456)
SharePoint CVE-2022-30158 Vulnerability (CVE-2022-30158)
Oracle JRE CVE-2013-0450 Vulnerability (CVE-2013-0450)
WordPress Plugin GA Top post for WP by Asentechllc Security Bypass (1.0)
Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258)