Description Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload. Remediation References CVE-2019-16891 Related Vulnerabilities Masa CMS Incorrect Authorization Vulnerability (CVE-2024-32643) WordPress 4.7.x Possible SQL Injection Vulnerability (4.7 - 4.7.6) Grafana CVE-2021-27358 Vulnerability (CVE-2021-27358) PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0906) Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10321) Severity High Classification CVE-2019-16891 CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities