CVE-2008-0182

Liferay Enterprise Portal < 4.3.6 - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.

References (3)

[Vendor Advisory] http://secunia.com/advisories/28742

[Various Sources] http://support.liferay.com/browse/LEP-4739

[US Government Resource] http://www.kb.cert.org/vuls/id/767825

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-352

Status draft

Affected Products (1)

liferay/liferay_enterprise_portal < 4.3.6

Timeline

Published Feb 05, 2008

Tracked Since Feb 18, 2026