Liferay Portal和Liferay DXP SQL注入漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

PT-2020-14663 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions prior to 7.3.1 Liferay Portal 6.2 EE Liferay DXP versions prior to 7.2 Description: The issue allows the property 'portlet.resource.id.banned.paths.regexp' to be bypassed using doubled encoded URLs. Recommendations: Fo...