CVE-2011-1571

Liferay Portal CE <6.0.6 - RCE

Title source: llm

Description

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

Exploits (2)

exploitdb WORKING POC

by Spencer McIntyre · rubywebappsmultiple

https://www.exploit-db.com/exploits/18715

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by noobpk · poc

https://github.com/noobpk/CVE-2011-1571

View Code ZIP pw:eip

References (5)

[Issue Tracking, Vendor Advisory] http://issues.liferay.com/browse/LPS-14726

[Release Notes, Vendor Advisory] http://issues.liferay.com/secure/ReleaseNote.jspa?version=10656&styleName=Html&projectId=10952

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/03/29/1

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/04/08/5

[Mailing List, Third Party Advisory] http://openwall.com/lists/oss-security/2011/04/11/9

Scores

EPSS 0.0740

EPSS Percentile 91.8%

Details

Status published

Products (2)

com.liferay.portal/portal-service 5.0.0 - 6.0.6-gaMaven

liferay/liferay_portal 5.1.0 - 5.1.2

Published May 07, 2011

Tracked Since Feb 18, 2026