Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-29091

SQL injection that may lead to arbitrary code execution

    Details

      Description

      A SQL injection vulnerability exists in the the portal's JSON service. This vulnerability may also be further exploited to create files anywhere in the system and to execute arbitrary code.

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                7 years, 2 weeks, 6 days ago

                Packages

                Version Package
                6.0.X EE
                6.1.1 CE GA2
                6.1.20 EE GA2
                --Sprint 11/12
                6.2.0 CE M2