From faa924bdf186f1582ac1567e11755a4c8792bc2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B9=8B=E4=B9=8E=E8=80=85=E4=B9=9F?= Date: Fri, 7 Apr 2023 11:13:57 +0800 Subject: [PATCH] Create CVE-2020-7961.md --- CVE-2020-7961.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 CVE-2020-7961.md diff --git a/CVE-2020-7961.md b/CVE-2020-7961.md new file mode 100644 index 0000000..bd79465 --- /dev/null +++ b/CVE-2020-7961.md @@ -0,0 +1,12 @@ +## Liferay Portal Unauthenticated 7.2.1 RCE (CVE-2020-7961) + +| **Vulnerability** | **Liferay Portal Unauthenticated 7.2.1 RCE (CVE-2020-7961)** | +| :----: | :-----| +| **Chinese name** | Liferay Portal 7.2.1 版本 invoke 文件远程代码执行漏洞(CVE-2020-7961)) | +| **CVSS core** | 10.0 | +| **FOFA Query** (click to view the results directly)| [body="Powered by Liferay Portal" \|\| header="Liferay Portal" \|\| banner="Liferay Portal" \|\| header="guest_language_id=" \|\| banner="guest_language_id=" \|\| body="Liferay.AUI" \|\| body="Liferay.currentURL"](https://fofa.info/result?qbase64=Ym9keT0iUG93ZXJlZCBieSBMaWZlcmF5IFBvcnRhbCIgfHwgaGVhZGVyPSJMaWZlcmF5IFBvcnRhbCIgfHwgYmFubmVyPSJMaWZlcmF5IFBvcnRhbCIgfHwgaGVhZGVyPSJndWVzdF9sYW5ndWFnZV9pZD0iIHx8IGJhbm5lcj0iZ3Vlc3RfbGFuZ3VhZ2VfaWQ9IiB8fCBib2R5PSJMaWZlcmF5LkFVSSIgfHwgYm9keT0iTGlmZXJheS5jdXJyZW50VVJMIg%3D%3D) | +| **Number of assets affected** | 59885 | +| **Description** | Liferay Portal is a set of J2EE-based portal solutions of American Liferay Company. The program uses EJB and JMS and other technologies, and can be used as Web publishing and sharing workspace, enterprise collaboration platform, social network and so on. A code issue vulnerability exists in versions prior to Liferay Portal 7.2.1 CE GA2. A remote attacker could exploit this vulnerability to execute arbitrary code using JSON Web services. | +| **Impact** | A code issue vulnerability exists in versions prior to Liferay Portal 7.2.1 CE GA2. A remote attacker could exploit this vulnerability to execute arbitrary code using JSON Web services. | + +![](https://s3.bmp.ovh/imgs/2023/04/07/a16de9eefef6f8a5.gif)