Liferay Portal is a common Java Content Management System (CMS) used for building corporate intranets and public websites.
Liferay Portal versions 6.2.4 and below, 7.0.0 to 7.0.5, 7.1.0 to 7.1.2 and 7.2.0 perform unsafe Java deserialization through the JSON webservices, allowing unauthenticated attackers to do remote code execution on the target application.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
liferay | liferay_portal | * | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961
codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
www.synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html