Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-29091

SQL injection that may lead to arbitrary code execution

    Details

      Description

      A SQL injection vulnerability exists in the the portal's JSON service. This vulnerability may also be further exploited to create files anywhere in the system and to execute arbitrary code.

        Attachments

          Activity

            People

            Assignee:
            support-lep@liferay.com SE Support
            Reporter:
            samuel.kong Samuel Kong
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              8 years, 13 weeks ago

                Packages

                Version Package
                6.0.X EE
                6.1.1 CE GA2
                6.1.20 EE GA2
                --Sprint 11/12
                6.2.0 CE M2