PUBLIC - Liferay Portal Enterprise Edition / LPE-16581

Web Form portlet allows arbitrary file writing

    Details

    • Business Value:
      5

      Description

      Users with access to the Web Form portlet's configuration can manipulate the settings to allow users to write to any file in the file system. This vulnerability can be used for arbitrary code execution or to launch a denial-of-service attack.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-65

            People

            • Assignee: support-ee (EE Support)
            • Reporter: tibor.lipusz (Tibor Lipusz)

                Packages

                Version Package
                6.1.X EE
                6.2.X EE