CVE-2022-42122
published 2022-11-15CVE-2022-42122: A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | dxp | — | — |
| liferay | liferay_portal | — | — |