Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1571Command Injection in Portal

CWE-77Command Injection5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
7.4%
top 8.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Liferay Portal
Timeline
PublishedMay 7
Latest updateMay 13

Description

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDliferay/liferay_portal5.1.05.1.2+1

🔴Vulnerability Details

3
GHSA
Liferay Portal vulnerable to arbitrary command injection2022-05-13
OSV
Liferay Portal vulnerable to arbitrary command injection2022-05-13
CVEList
CVE-2011-1571: Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 52011-05-07

💥Exploits & PoCs

1
Exploit-DB
Liferay XSL - Command Execution (Metasploit)2012-04-08
CVE-2011-1571 — Command Injection in Liferay Portal | cvebase