mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-03 00:28:04 +02:00
marc
916 B
916 B
CVE-2020-28885
Description
** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to access and execute commands in Gogo Shell and therefore not a design flaw
POC
Reference
Github
No PoCs found on GitHub currently.