portal-impl is vulnerable to remote code execution. The template API does not properly restrict user access to template objects, allowing an attacker to execute arbitrary code on the system using malicious FreeMarker and Velocity templates.
CPE | Name | Operator | Version |
---|---|---|---|
liferay portal impl | eq | 7.0.0-nightly | |
liferay portal impl | le | 6.2.5 |