Recently, a security vulnerability was filed in Mitre under CVE-2018-10795 reporting an issue in FCKEditor and Liferay Portal 6.x versions.
Resolution
Liferay disputed this issue because file upload is an expected feature, subject to Role-Based Access Control checks where only authenticated users with proper permissions can upload files.
Liferay has also analyzed the report which does not contain steps to reproduce the vulnerability (to exploit it) so no other parties can prove there is such a vulnerability in the product.
Contenido exclusivo para suscriptores.
Una Suscripción Enterprise de Liferay proporciona acceso a más de 1.500 artículos que incluyen las mejores practicas, diagnóstico de problemas y otras soluciones útiles. Inicia sesión para tener un acceso completo.
Inicia sesión