2020
04.16

Liferay Portal Java Unmarshalling Remote Code Execution

Category: exploit / Tags: no tag / Add Comment

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.

No Comment.

Add Your Comment

Your Comment

You must be logged in to post a comment.