CVE-2022-42125 - Unzipping Danger in Liferay Portal – A Simple Guide to the Zip Slip Vulnerability
*Filed: November 2022 | Author: Security Insights Team*
Liferay Portal powers many business web applications. But from version 7.4.3.5 through 7.4.3.
CVE-2022-42122 - SQL Injection in Liferay Portal’s Friendly Url Module Explained
CVE-2022-42122 is a serious SQL injection vulnerability found in the Friendly Url module of Liferay Portal 7.3.7 and Liferay DXP (fix pack 2
CVE-2022-42120 - How a Fragment Module SQL Injection Left Liferay Portal Exposed
Liferay Portal is a popular open-source digital experience software, widely used for portals, intranets, and websites. But in 2022, security researchers discovered a worrying flaw—
CVE-2022-42127
This issue was likely introduced when the friendly URL module was modified in a backwards-incompatible way between Liferay versions. Early versions of this issue were
CVE-2022-42121 SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA. It can allow remote attackers to execute arbitrary SQL commands.
CVE-2019-1841 was confirmed to exist in Liferay. When exploited, the issue allows unauthenticated attackers to execute arbitrary SQL commands in the SQL database, obtain access