In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property ‘portlet.resource.id.banned.paths.regexp’ can be bypassed with doubled encoded URLs.
CPE | Name | Operator | Version |
---|---|---|---|
dxp | eq | 7.0 | |
dxp | eq | 7.1 | |
dxp | eq | 7.2 | |
liferay_portal | eq | 6.2 | |
liferay_portal | lt | 7.3.1 |