SQL Injection Vulnerability in Liferay Portal and Liferay DXP
CVE-2022-42121
8.8HIGH
What is CVE-2022-42121?
A SQL injection vulnerability exists in the Layout module of Liferay Portal and Liferay DXP, allowing remote authenticated attackers to execute arbitrary SQL commands. This is achieved through a specially crafted payload injected into the 'Name' field of a page template. The vulnerability impacts multiple versions of Liferay Portal (7.1.3 to 7.4.3.4) and various releases of Liferay DXP (before specified fix packs). Organizations using these products are advised to implement the necessary updates to mitigate this risk.