2 matches found
CVE-2019-11444
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...
CVE-2019-11444
Affected software: Liferay Portal CE 7.1.2 GA3. Issue: Groovy script console allows OS command execution via a command.execute() call (def cmd = ...) in ServerAdminPortlet_script. Exploitation requires valid application administrator credentials. Impact: remote command execution with high severit...