CVE-2021-33334

CVE-2021-33334

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.

Source: CVE-2021-33334

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다