Description
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.
Remediation
References
Related Vulnerabilities
WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
WordPress Plugin WP ULike Cross-Site Scripting (3.1)
Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)
Elgg Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3733)