RE: Vulnerability In Liferay 7.4.GA93
Hi Team,
We recently ran a security scan using the Contrast Tool and identified the following vulnerabilities in our Liferay 7.4 GA93 instance. Please review the details below and provide guidance on whether it’s possible to fix these vulnerabilities:
SQL Injection from "groupId" Parameter on "/de/group/{sitename}" page
Cross-Site Request Forgery detected
OS Command Injection from Request Body on "/group/autom.-smoketests-staging/~/control_panel/manage" page
Path Traversal from "_com_liferay_staging_processes_web_portlet_Sta... on "/de/group/{sitename}-staging/~/control_panel/manage" page
Hi @Ganesan,
Please use security@liferay.com to send the report: https://liferay.dev/portal/security/reporting
Thanks.
Tomas