SQL injection in Liferay Portal

2023-05-2418:30:26

Google

osv.dev

sql injection

liferay portal

upgrade process

sql server

vulnerability

arbitrary sql commands

database table's primary key index

chained attacks

application upgrade

software

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

46.6%

JSON

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table’s primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.

CPENameOperatorVersion
com.liferay.portal:release.portal.bomeq7.4.3.14
com.liferay.portal:release.portal.bomeq7.4.3.7
com.liferay.portal:release.portal.bomeq7.4.3.16
com.liferay.portal:release.portal.bomeq7.4.3.5
com.liferay.portal:release.portal.bomeq7.4.3.15
com.liferay.portal:release.portal.bomeq7.4.0
com.liferay.portal:release.portal.bomeq7.4.2
com.liferay.portal:release.portal.bomeq7.3.3
com.liferay.portal:release.portal.bomeq7.3.2
com.liferay.portal:release.portal.bomeq7.3.4

Name	Operator	Version
com.liferay.portal:release.portal.bom	eq	7.4.3.14
com.liferay.portal:release.portal.bom	eq	7.4.3.7
com.liferay.portal:release.portal.bom	eq	7.4.3.16
com.liferay.portal:release.portal.bom	eq	7.4.3.5
com.liferay.portal:release.portal.bom	eq	7.4.3.15
com.liferay.portal:release.portal.bom	eq	7.4.0
com.liferay.portal:release.portal.bom	eq	7.4.2
com.liferay.portal:release.portal.bom	eq	7.3.3
com.liferay.portal:release.portal.bom	eq	7.3.2
com.liferay.portal:release.portal.bom	eq	7.3.4