CVE-2008-0182
Liferay Enterprise Portal < 4.3.6 - Authenticated Cross-Site Request Forgery via Shutdown Message
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.
References (3)
Core 3
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/767825
Various Sources x_refsource_confirm
http://support.liferay.com/browse/LEP-4739
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28742
Scores
EPSS
0.0029
EPSS Percentile
52.1%
Details
CWE
CWE-352
Status
published
Products (1)
liferay/liferay_enterprise_portal
< 4.3.6
Published
Feb 05, 2008
Tracked Since
Feb 18, 2026