First published: Tue Nov 15 2022
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7 and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.3-fix_pack_2 | |
Liferay Portal | =7.3.7 | |
CVE-2022-42122 is a SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7 and Liferay DXP 7.3.
CVE-2022-42122 has a severity rating of 9.8 (Critical).
The affected software includes Liferay Portal 7.3.7 and Liferay DXP 7.3 fix pack 2 through update 4.
Attackers can exploit CVE-2022-42122 by injecting a crafted payload into the `title` field of a friendly URL, which allows them to execute arbitrary SQL commands.
More information about fixes for CVE-2022-42122 is available on the official Liferay website and the Liferay security page.