GHSA-hw56-7xj4-7gx6

Source

https://github.com/advisories/GHSA-hw56-7xj4-7gx6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-hw56-7xj4-7gx6/GHSA-hw56-7xj4-7gx6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hw56-7xj4-7gx6

Aliases

CVE-2022-42122

Published

2022-11-15T12:00:16Z

Modified

2025-09-05T19:58:02.822059Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module

Details

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL.

Database specific

{
    "nvd_published_at": "2022-11-15T01:15:00Z",
    "severity": "CRITICAL",
    "github_reviewed_at": "2025-07-16T17:36:25Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Maven / com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.3.7

Fixed

7.4.0-ga1

Affected versions

7.*

7.3.7

7.4.0

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.3.10.fp2

Fixed

7.3.10.u4

Affected versions

7.*

7.3.10.fp2

Maven / com.liferay:com.liferay.friendly.url.service

Package

Name: com.liferay:com.liferay.friendly.url.service; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.friendly.url.service

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.3

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.26

1.0.27

1.0.28

1.0.29

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

1.0.39

1.0.40

1.0.41

1.0.42

1.0.43

1.0.44

1.0.45

1.0.46

1.0.47

1.0.48

1.0.49

1.0.50

1.0.51

1.0.52

1.0.53

1.0.54

1.0.55

1.0.56

1.0.57

1.0.58

1.0.59

1.0.60

1.0.61

1.0.62

1.0.63

1.0.64

1.0.65

1.0.66

1.0.67

1.0.68

1.0.69

1.0.70

1.0.71

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34

2.0.35

2.0.36

2.0.37

2.0.38

2.0.39

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.50

2.0.51

2.0.52

2.0.53

2.0.54

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.0.21

3.0.22

3.0.23

3.0.24

3.0.25

3.0.26

3.0.27

3.0.28

3.0.29

3.0.30

3.0.31

3.0.32

3.0.33

3.0.34

3.0.35

3.0.36

3.0.37

3.0.38

3.0.39

3.0.40

3.0.41

3.0.42

3.0.43

3.0.44

3.0.45

3.0.46

3.0.47

3.0.48

3.0.49

3.0.50

3.0.51

3.0.52

3.0.53

3.0.54

3.0.55

3.0.56

3.0.57

3.0.58

3.0.59

3.0.60

3.0.61

3.0.62

4.*

4.0.0

4.0.1

4.0.2