CVE-2021-33990 Information

Description

Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists.

Reference

https://github.com/fu2x2000/Liferay_exploit_Poc http://packetstormsecurity.com/files/171701/Liferay-Portal-6.2.5-Insecure-Permissions.html