Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-9556

Path manipulation may lead to remote code execution

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0.4 GA
    • Labels:
      None
    • Environment:
      The vulnerability was tested on Liferay 4.x It could

      Description

      Some functionalities let authenticated Power Users to create arbitrary files with arbitrary extensions.

      Let us know the best way to report this issue

        Attachments

          Activity

            People

            Assignee:
            jr.houn JR Houn
            Reporter:
            minded Minded Security S.r.l. (Inactive)
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              10 years, 21 weeks, 1 day ago

                Packages

                Version Package
                6.0.4 GA