CVE-2019-11444 – Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2019-11444
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw ** EN DISPUTA ** Fue encontrado un problema en Liferay Portal CE 7.1.2 GA3. • https://www.exploit-db.com/exploits/46525 https://dev.liferay.com/discover/portal/-/knowledge_base/7-1/running-scripts-from-the-script-console https://pentest.com.tr/exploits/Liferay-CE-Portal-Tomcat-7-1-2-ga3-Groovy-Console-Remote-Command-Execution-Metasploit.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-10795
https://notcve.org/view.php?id=CVE-2018-10795
Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. NOTE: the vendor disputes this issue because file upload is an expected feature, subject to Role Based Access Control checks where only authenticated users with proper permissions can upload files ** EN DISPUTA ** Liferay en versiones 6.2.x y anteriores tiene una configuración FCKeditor que permite que un atacante suba o transfiera archivos de tipo peligroso que pueden procesarse automáticamente en el entorno del producto mediante un URI browser/liferay/browser.html?Type= o html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html. NOTA: el fabricante discute este problema debido a que la subida de archivos es una funcionalidad esperada, sujeta a las comprobaciones de control de acceso basado en roles, donde solo los usuarios autenticados con permisos adecuados pueden subir archivos. • https://cxsecurity.com/issue/WLB-2018050029 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2017-1000425
https://notcve.org/view.php?id=CVE-2017-1000425
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en la página /html/portal/flash.jsp en Liferay Portal CE 7.0 GA4 y anteriores permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante un URI javascript: en el parámetro "movie". • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/cst-7030-multiple-xss-vulnerabilities-in-7-0-ce-ga4 https://github.com/liferay/liferay-portal/commit/9435af4ef8a90b5333da925a5ec860a43d18c031 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-17868
https://notcve.org/view.php?id=CVE-2017-17868
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. En Liferay Portal 6.1.0, la selección de etiquetas contiene CSS mediante un valor Public Render Parameter (p_r_p), tal y como lo demuestra p_r_p_564233524_tag. • https://cxsecurity.com/issue/WLB-2017120169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-12645
https://notcve.org/view.php?id=CVE-2017-12645
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un portletId no válido. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities https://issues.liferay.com/browse/LPS-72307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •