Description
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Remediation
References
Related Vulnerabilities
Sqlite CVE-2015-5895 Vulnerability (CVE-2015-5895)
WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4.1)
WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (2.3.9)
MySQL Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-3305)
WordPress Plugin Ceceppa Multilingua Cross-Site Scripting (1.5.17)