  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16581

Web Form portlet allows arbitrary file writing

Details

    Description

      Users with access to the Web Form portlet's configuration can manipulate the settings to allow users to write to any file in the file system. This vulnerability can be used for arbitrary code execution or to launch a denial-of-service attack.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-65

          People

            support-ee EE Support
            tibor.lipusz Tibor Lipusz
              Packages

                Version Package
                6.1.X EE
                6.2.X EE