CVE-2021-33990 - Improper Preservation of Permissions vulnerability in Liferay Portal 6.2.5

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, liferay, CWE-281, critical

Summary

Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.

Vulnerable Configurations

Part          Description   Count
Application   Liferay       1

Common Weakness Enumeration (CWE)