Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-54695

Web Form portlet allows arbitrary file writing

    Details

      Description

      Users with access the Web Form portlet's configuration can manipulate the settings to allow users to write to any file in the file system. This vulnerability can be used for arbitrary code execution or to launch a denial-of-service attack.

        Attachments

          Activity

            People

            • Assignee:
              samuel.kong Samuel Kong
              Reporter:
              samuel.kong Samuel Kong
              Participants of an Issue:
              Recent user:
              Esther Sanz
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 28 weeks, 4 days ago

                Packages

                Version Package
                6.2.2 CE GA3