VYPR
High severityNVD Advisory· Published May 24, 2023· Updated Oct 22, 2024

CVE-2023-33945

CVE-2023-33945

Description

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.liferay.portal:release.portal.bomMaven
>= 7.3.1, < 7.4.3.187.4.3.18

Affected products

4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.