WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42122)

Description

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Statistics Cross-Site Scripting (12.6.3)

WordPress Plugin Xorbin Analog Flash Clock Cross-Site Scripting (1.0)

WordPress Plugin MukioPlayer SQL Injection (1.6)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner 'config' Parameter Local File Inclusion (3.0.3)

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-28347)

Severity

Critical

Classification

CVE-2022-42122 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities