Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112382HistoryMay 07, 2020 - 12:00 a.m.
Liferay Portal < 6.2.5 / 7.0.x < 7.0.6 / 7.1.x < 7.1.3 / 7.2.0 Remote Code Execution
2020-05-0700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
86
Liferay Portal is a common Java Content Management System (CMS) used for building corporate intranets and public websites.
Liferay Portal versions 6.2.4 and below, 7.0.0 to 7.0.5, 7.1.0 to 7.1.2 and 7.2.0 perform unsafe Java deserialization through the JSON webservices, allowing unauthenticated attackers to do remote code execution on the target application.
No source data| Vendor | Product | Version | CPE |
|---|---|---|---|
| liferay | liferay_portal | * | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961
codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
www.synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html