Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42121)

Description

A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field.

Remediation

References

Related Vulnerabilities

WordPress Plugin MarketPress-WordPress eCommerce PHP Object Injection (3.2.6)

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more PHAR Deserialization (2.9.8.5)

WebLogic CVE-2023-21956 Vulnerability (CVE-2023-21956)

WordPress Plugin Unlimited PopUps SQL Injection (4.5.3)

WordPress Plugin Image Widget Unspecified Vulnerability (4.1.2)

Severity

High

Classification

CVE-2022-42121 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities