Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Liferay users can assign themselves to organizations, leading to possible privilege escalation
May 13 2012 09:55AM
Jelmer Kuperus (jelmer advisories gmail com)
Liferay users can assign themselves to organizations, leading to
possible privilege escalation
Liferay Portal is an enterprise portal written in Java
Due to insufficient permission checking in the updateOrganizations
method of UserService any user
can assign hem or her self to any or...
[ more ]
Copyright 2010, SecurityFocus