Description
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever.
Remediation
References
Related Vulnerabilities
XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)
WordPress Plugin Quick Contact Form Cross-Site Scripting (6.0)
WordPress Plugin teachPress Unspecified Vulnerability (5.0.17)
WordPress Plugin Infusionsoft Gravity Forms Add-on Arbitrary File Upload (1.5.10)