CVE-2022-42120

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-42120

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42120.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-42120

Aliases

GHSA-r5fj-j449-vqw2

Published

2022-11-15T01:15:12.733Z

Modified

2026-04-10T04:53:59.683330Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type

GIT

Repo

https://github.com/liferay/liferay-portal

Events

Introduced

77b773677e0fa17b1a869414ad66220245ba96a8

Last affected

ad25d87862c8d2031396d2909c9add79c23f839e

Database specific

{
    "versions": [
        {
            "introduced": "7.3.3"
        },
        {
            "last_affected": "7.4.3.16"
        }
    ]
}

Affected versions

7.*

7.3.3-ga4

7.3.4-ga5

7.3.5-ga6

7.4.0-ga1

7.4.1-ga2

7.4.2-ga3

7.4.3.16-ga16

7.4.3.4-ga4

7.4.3.5-ga5

7.4.3.6-ga6

7.4.3.7-ga7

Other

test-fix-pack-base-7310

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-42120.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-NA"
            }
        ]
    }
]