Description
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
Remediation
References
Related Vulnerabilities
Joomla Improper Input Validation Vulnerability (CVE-2013-3242)
WordPress Plugin GD bbPress Tools Cross-Site Scripting (1.7)
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)
WordPress Plugin All Video Gallery 'vid' Parameter Multiple SQL Injection Vulnerabilities (1.1)
WordPress Plugin Easy Registration Forms Cross-Site Scripting (1.8.3)