Privilege escalation vulnerability in Liferay DXP 7.1 and 7.2 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user.