Description
In LIferay Portal 7.0 CE GA7, a theoretical OS command injection vulnerability exists in SendmailHook.
Severity
Severity 2
Fixed Version(s)
Notes
By default, the SendmailHook is not enabled. If SendmailHook is enabled, it can be disabled by removing mail.hook.impl=com.liferay.mail.util.SendmailHook
from portal-ext.properties.
Publication date: Wed, 04 Jul 2018 08:06:00 +0000