2 matches found
CVE-2024-25149
CVE-2024-25149 affects Liferay Portal 7.2.0–7.4.1 and Liferay DXP 7.3 before SP3 (and older/unsupported versions), where the policy to limit membership to the parent site does not properly restrict membership in a child site. This enables remote authenticated users to add non-members of the paren...
CVE-2024-25149
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled,...