Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever.

Remediation

References

CVE-2020-28885

Related Vulnerabilities

MySQL CVE-2022-21320 Vulnerability (CVE-2022-21320)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.13.35)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1864)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7835)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Unspecified Vulnerability (3.4.27.1)

Severity

High

Classification

CVE-2020-28885 CWE-138

Tags

Missing Update Known Vulnerabilities