Description
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Remediation
References
Related Vulnerabilities
WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.0)
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-2041)
WordPress Plugin Facebook Members Cross-Site Scripting (7.0)
WordPress Plugin IgniteUp-Coming Soon and Maintenance Mode Multiple Vulnerabilities (3.4)
ATutor Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3368)