VYPR
Critical severity9.8NVD Advisory· Published Nov 15, 2022· Updated Jun 17, 2026

CVE-2022-42122

CVE-2022-42122

Description

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.liferay.portal:release.portal.bomMaven
>= 7.3.7, < 7.4.0-ga17.4.0-ga1
com.liferay.portal:release.dxp.bomMaven
>= 7.3.10.fp2, < 7.3.10.u47.3.10.u4
com.liferay:com.liferay.friendly.url.serviceMaven
< 4.0.34.0.3

Affected products

4

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.