Code injection

2021-05-1616:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.0%

JSON

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

CPENameOperatorVersion
dxplt7.3
dxpeq7.3
liferay_portaleq7.3.4
liferay_portaleq7.3.5

Name	Operator	Version
dxp	lt	7.3
dxp	eq	7.3
liferay_portal	eq	7.3.4
liferay_portal	eq	7.3.5

References

liferay.com

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467