Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever.

Remediation

References

CVE-2020-28885

Related Vulnerabilities

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15072)

MySQL CVE-2024-21236 Vulnerability (CVE-2024-21236)

WordPress Plugin WP Js External Link Info Cross-Site Scripting (1.21)

WordPress Plugin Double Opt-In for Download Multiple Cross-Site Scripting Vulnerabilities (2.1.5)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.24)

Severity

High

Classification

CVE-2020-28885 CWE-138

Tags

Missing Update Known Vulnerabilities