Command injection

2022-01-2812:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to access and execute commands in Gogo Shell and therefore not a design fla

CPENameOperatorVersion
liferay_portaleq7.2 ga1
liferay_portaleq7.3.5 ga6

CPE	Name	Operator	Version
	liferay_portal	eq	7.2 ga1
	liferay_portal	eq	7.3.5 ga6

References

medium.com/%40tranpdanh/some-way-to-execute-os-command-in-liferay-portal-84498bde18d3