CyberSec.Space Logo
Back to CVE Browser

CVE-2021-29053

HIGH
8.8
CVSS Severity Score
EPSS Score0.1170%
EPSS Percentile8.73th
PublishedMay 17, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.

Affected Platforms (CPE)

πŸ“¦
Liferay

Dxp

= 7.3
πŸ“¦
Liferay

Liferay Portal

= 7.3.5

References & Advisories

πŸ”— http://liferay.com
πŸ”— https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225
πŸ”— http://liferay.com
πŸ”— https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120778225

Related Vulnerabilities

CVE-2021-290508.8

Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 befor...

CVE-2020-134458.8

In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the temp...

CVE-2020-158418.3

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not s...

CVE-2020-158428.1

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man...