SQL Injection Vulnerability in Liferay Portal and DXP
CVE-2022-42120
9.8CRITICAL
What is CVE-2022-42120?
The vulnerability in the Fragment module of Liferay Portal allows attackers to exploit a flaw through the 'namespace' attribute of PortletPreferences. By manipulating this attribute, attackers can execute arbitrary SQL commands, posing severe risks to data integrity and confidentiality. Affected versions include Liferay Portal 7.3.3 to 7.4.3.16 and Liferay DXP 7.3 prior to update 4 and 7.4 prior to update 17.