Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2021-33990

Published: 16/04/2023 Updated: 11/04/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Liferay Portal

Vulnerability Summary

Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

liferay liferay portal 6.2.5

Exploits

Exploit DB: Liferay Portal 6.2.5 Insecure Permissions
Liferay Portal version 625 suffers from an insecure permissions vulnerability ...

References

CWE-281https://github.com/fu2x2000/Liferay_exploit_Pochttp://packetstormsecurity.com/files/171701/Liferay-Portal-6.2.5-Insecure-Permissions.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/171701/Liferay-Portal-6.2.5-Insecure-Permissions.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook