LSV-1034: SQL injection vulnerability during fragment upgrade

Affects versions

None

Fix versions

None

7.0 Fix Pack Version

7.1 Fix Pack Version

7.2 Fix Pack Version

7.3 Fix Pack Version

7.4 Fix Pack Version

CVE IDs

CVSS Base Score

CVSS Vector String

Labels

Description

SQL injection vulnerability in the Fragment module's PortletPreferences upgrade process in Liferay DXP 7.3 before update 4 and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via the `namespace` attribute of a PortletPreferences.

Fixed

Details

Assignee

Reporter

Priority

Zendesk Support

Created March 9, 2022 at 9:00 AM
Updated October 18, 2022 at 7:44 PM
Resolved October 18, 2022 at 7:44 PM