Cross-Site Request Forgery Vulnerability in Liferay Portal and DXP
CVE-2024-26272
8.8HIGH
Key Information:
- Vendor
Liferay
- Vendor
- CVE Published:
- 22 October 2024
What is CVE-2024-26272?
A cross-site request forgery (CSRF) vulnerability impacts Liferay Portal and Liferay DXP, enabling remote attackers to exploit the p_l_back_url parameter. This flaw allows unauthorized actions such as altering user passwords, shutting down the server, and executing arbitrary code via the scripting console. Attackers can leverage this vulnerability across multiple affected versions, posing significant risks for users and system administrators.