Description
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.
Remediation
References
Related Vulnerabilities
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16650)
Joomla! Core Information Disclosure (1.5.0 - 3.7.5)
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.3.23)
MySQL Other Vulnerability (CVE-2010-3676)
Microsoft SQL Server CVE-2023-32026 Vulnerability (CVE-2023-32026)