A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 up to and including 7.4.3.16, and in Liferay DXP 7.3 before update 4 and 7.4 before update 17, allows malicious users to execute arbitrary SQL commands via the `namespace` attribute of a PortletPreferences.

Vulnerable Product |
---|
liferay dxp 7.3 |
liferay liferay portal |
liferay dxp 7.4 |