Path manipulation may lead to remote code execution

Description

Some functionalities let authenticated Power Users create arbitrary files with arbitrary extensions.

Let us know the best way to report this issue.

Environment

The vulnerability was tested on Liferay 4.x. It could

Activity

JR Houn, July 21, 2010 at 3:28 PM

Thanks KC / Amos!

KC Onias, July 21, 2010 at 3:27 PM

Per my discussion with Amos, this has been fixed by http://issues.liferay.com/browse/LPS-3399 and cannot be reproduced on 6.0.4.

Minded Security S.r.l., June 15, 2010 at 3:41 PM

Details about this issue can be found here:

http://www.mindedsecurity.com/MSA261009.html

Fixed

Created May 12, 2010 at 4:12 AM
Updated June 23, 2023 at 8:57 PM
Resolved July 21, 2010 at 3:27 PM