Cross-Site Request Forgery Vulnerability in Liferay Portal by Liferay, Inc.
CVE-2008-0182

Currently unrated

Key Information:

Vendor: Liferay
Status: Liferay Enterprise Portal
Vendor: CVE Published:; 5 February 2008

What is CVE-2008-0182?

A cross-site request forgery vulnerability exists in the Admin portlet of Liferay Portal prior to version 4.4.0. This issue allows remote authenticated users to invoke unauthorized actions on behalf of other authenticated users, potentially leading to misuse of the application’s administrative features. Attackers can exploit this flaw by crafting specific messages that trick users into executing arbitrary commands without their consent.

References

http://www.kb.cert.org/vuls/id/767825

third-party-advisoryx_refsource_CERT-VN

http://secunia.com/advisories/28742

third-party-advisoryx_refsource_SECUNIA

http://support.liferay.com/browse/LEP-4739

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 5, 2008