Vulnerabilities > Liferay > DXP > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-42122 SQL Injection vulnerability in Liferay DXP and Liferay Portal
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.
network
low complexity
liferay CWE-89
critical
 9.8
9.8
2022-11-15 CVE-2022-42120 SQL Injection vulnerability in Liferay DXP and Liferay Portal
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute.
network
low complexity
liferay CWE-89
critical
 9.8
9.8