Unrated severityNVD Advisory· Published Jan 28, 2022· Updated Aug 4, 2024

CVE-2020-28885

Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to access and execute commands in Gogo Shell and therefore not a design fla

Affected products

Liferay/Liferay Portal Serverdescription
Liferay/Liferay Portal Serverllm-create
Range: <=7.3.5 GA6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

medium.com/%40tranpdanh/some-way-to-execute-os-command-in-liferay-portal-84498bde18d3mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000