High severity8.8OSV Advisory· Published May 7, 2018· Updated Jun 17, 2026
CVE-2018-10795
CVE-2018-10795
Description
Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. NOTE: the vendor disputes this issue because file upload is an expected feature, subject to Role Based Access Control checks where only authenticated users with proper permissions can upload files
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- cxsecurity.com/issue/WLB-2018050029nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.