Description
Remote code execution vulnerability in DDM template in Liferay Portal 7.0.0 and earlier allows remote authenticated users with permission to create/edit templates to create templates that can run arbitrary code.
Severity
Severity 1
Fixed Version(s)
- Liferay Portal 7.0.1
- March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Mon, 02 Mar 2020 07:21:00 +0000