Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Liferay Portal < 5.2.3 'exportFileName' File Creation Remote Code Execution

Medium

Synopsis

The remote web server hosts a web application that is vulnerable to a code execution attack.

Description

The remote web server hosts Liferay Portal, a web portal for building business solutions.

Versions of Liferay Portal earlier than 5.3.2 are potentially affected by a code execution vulnerability in the Liferay Calendar module. A remote attacker, who gains poweruser access, can execute arbitrary JSP code on the remote host.

Solution

Upgrade to Liferay Portal 5.2.3 or later.