Description
Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the API Builder.
Remediation
References
Related Vulnerabilities
Artifactory Incorrect Default Permissions Vulnerability (CVE-2021-46270)
WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)
WordPress Plugin FireStorm Shopping Cart eCommerce SQL Injection (2.07.02)
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-21686)