2 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the classPKField parameter to CommerceChannelRelFinder.countByCC and CommerceChannelRelFinder.findByCC. An attacker can execute arbitrary SQL commands by injecting malicious SQL code. Remediation Upgrade...
Liferay Enterprise Portal SQL注入漏洞
Liferay Enterprise Portal is an application system from Liferay USA. It provides a showcase for e-commerce functionality. A SQL injection vulnerability exists in Liferay Enterprise Portal version 7.3.5. The vulnerability stems from the program not adequately cleaning up user-supplied data in the...