Insecure File Upload in Liferay Portal 6.2.5
CVE-2021-33990

9.8CRITICAL

Key Information:

Vendor: Liferay
Status: Liferay Portal
Vendor: CVE Published:; 16 April 2023

What is CVE-2021-33990?

The Liferay Portal version 6.2.5 contains an vulnerability that allows unauthorized file uploads through specific requests when the frmfolders.html page is present. This vulnerability raises concerns about the integrity of the platform, as it may enable a malicious actor to exploit insufficient access controls and upload malicious files, leading to unauthorized actions within the system. It is crucial for users of Liferay Portal to address this issue to safeguard their environments.

References

https://github.com/fu2x2000/Liferay_exploit_Poc

http://packetstormsecurity.com/files/171701/Liferay-Porta...

EPSS Score

58% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2023
Vulnerability Reserved
Jun 7, 2021