Vulnerabilities > CVE-2021-33990 - Improper Preservation of Permissions vulnerability in Liferay Portal 6.2.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |