GHSA-F9WJ-C5PC-G9RH Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to 1 CommerceChannelRelFinder.countByCC, or 2 CommerceChannelRelFinder.findByCC...

Liferay Enterprise Portal SQL注入漏洞

Liferay Enterprise Portal is an application system from Liferay USA. It provides a showcase for e-commerce functionality. A SQL injection vulnerability exists in Liferay Enterprise Portal version 7.3.5. The vulnerability stems from the program not adequately cleaning up user-supplied data in the...