COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-42122

CVE-2022-42122

Severity
critical
Source
NVD · cve
Published
2022-11-15
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-42122
⚡ RCE shame 50/100 rce

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.

Players implicated

liferay · vendordxp · productliferay portal · product

Description

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.