Количество 2
Количество 2
CVE-2022-42121
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field.
GHSA-gxxj-fhmr-37j9
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-42121 A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field. | CVSS3: 8.8 | 1% Низкий | около 3 лет назад |
| GHSA-gxxj-fhmr-37j9 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module | CVSS3: 8.8 | 1% Низкий | около 3 лет назад |
Уязвимостей на страницу