Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-9556

Path manipulation may lead to remote code execution

        Details

        • Type: Bug
        • Status: Closed
        • Resolution: Fixed
        • Affects Version/s: None
        • Fix Version/s: 6.0.4 GA
        • Component/s: Accessibility, Security Vulnerability
        • Labels:
          None
        • Environment:
          The vulnerability was tested on Liferay 4.x It could

          Description

          Some functionalities let authenticated Power Users to create arbitrary files with arbitrary extensions.

          Let us know the best way to report this issue

            Attachments

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Days since last comment:
                    8 years, 41 weeks ago