CVE-2011-1571
EPSS 7.4%Liferay Portal vulnerable to arbitrary command injection
Published: 5/13/2022Modified: 7/15/2025
Description
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
Affected packages (1)
- Maven/com.liferay.portal:portal-service>= 5.0.0, < 6.0.6-ga
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-1571
- PATCHhttps://github.com/liferay/liferay-portal
- WEBhttp://issues.liferay.com/browse/LPS-14726
- WEBhttp://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952
- WEBhttp://openwall.com/lists/oss-security/2011/03/29/1
- WEBhttp://openwall.com/lists/oss-security/2011/04/08/5
- WEBhttp://openwall.com/lists/oss-security/2011/04/11/9
- WEBhttps://github.com/liferay/liferay-portal/commit/55502ca16019e1ea1a581ee87f4f20cde638c825