Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-28884)

Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever.

Remediation

References

CVE-2020-28884

Related Vulnerabilities

WordPress Plugin Download Plugin Unspecified Vulnerability (1.6.1)

Apache HTTP Server Use of Uninitialized Resource Vulnerability (CVE-2020-1934)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.22)

WordPress Plugin Visual Form Builder Cross-Site Scripting (3.0.3)

WordPress Plugin Survey Maker-Best WordPress Survey SQL Injection (1.5.5)

Severity

High

Classification

CVE-2020-28884 CWE-138

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities