Description
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2004-2244)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4999)
WordPress Plugin Spider Calendar Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.1)
WordPress Plugin Zendesk Chat Cross-Site Request Forgery (1.4.5)