First published: Fri Jan 13 2017(Updated: )
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/com.liferay.portal:portal-service | <6.2.11 | 6.2.11 |
maven/com.liferay.portal:portal-impl | <6.2.11 | 6.2.11 |
Liferay Liferay Portal | <=6.2.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.