CRITICAL🇵🇱 Wersja polska

CVE-2021-33990

CVSS 9.8v3.1pub. 2023-04-16upd. 2024-11-21

Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Liferay Portal

    APP
    Liferay
    6.2.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2020-7961CRITICAL9.8⚠ KEVten sam produkt

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute a...

CVE-2024-8980CRITICAL9.6PL ✓ten sam produkt

Liferay Portal/DXP: CSRF w Script Console umożliwia wykonanie kodu Groovy

CVE-2024-38002CRITICAL9.0PL ✓ten sam produkt

RCE w komponencie workflow Liferay Portal i DXP — brak weryfikacji uprawnień

CVE-2023-42498CRITICAL9.6PL ✓ten sam produkt

Reflected XSS w ekranie Language Override w Liferay Portal i DXP

CVE-2023-40191CRITICAL9.0PL ✓ten sam produkt

Reflected XSS w ustawieniach kont Liferay Portal i DXP