5 matches found
GHSA-2HFJ-JV6Q-762V Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...
Liferay Publications is vulnerable to Incorrect Authorization
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
GHSA-894W-W643-QVXV Liferay Publications is vulnerable to Incorrect Authorization
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
CVE-2025-62243
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
CVE-2025-62244
CVE-2025-62244 (Liferay Publications IDOR) affects Liferay Portal 7.3.1–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, 2023.Q3.1–2023.Q3.8, plus 7.4 GA up to update 92 and 7.3 GA up to update 36. An insecure direct object reference via the parameter _com_liferay_change_tracking_web_portlet_Public...