FixVibe

// probes / spotlight

Liferay Portal Template RCE Advisory

Legacy Liferay Portal version evidence should trigger patch verification.

Il gancio

Liferay Portal often backs intranet, customer, and partner portals where authenticated users may have authoring permissions. CVE-2010-5327 affects Liferay Portal through 6.2.10 when template-engine access controls allow privileged template behavior.

Come funziona

This active check confirms whether user-controlled input or workflow behavior crosses a security boundary. Public docs keep the explanation high-level so customers understand the risk. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

Il raggio d'azione

If an affected Liferay Portal runtime is deployed and an untrusted authenticated user can create or edit Velocity or FreeMarker templates, the template boundary may cross into server-side command execution. A version match should drive runtime patch verification and permission review before it is treated as confirmed compromise.

// cosa controlla fixvibe

Cosa controlla FixVibe

FixVibe checks this class with verified-domain active testing that is bounded, non-destructive, and evidence-driven. Public reports describe the affected surface and remediation. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

Difese a prova di bomba

Apply Liferay's LPS-64547 binary/source patch for the deployed 6.2 CE release line, confirm an equivalent backport, or upgrade to a supported fixed release. Restrict template editing to trusted administrators, review existing templates, and keep portal administration behind trusted-network or authenticated access while rollout completes.

// run it on your own app

Continua a spedire mentre FixVibe vigila per te.

FixVibe mette sotto pressione la superficie pubblica della tua app come farebbe un attaccante — senza agent, senza installazione, senza carta. Continuiamo a studiare nuovi pattern di vulnerabilità e li trasformiamo in controlli pratici e fix pronti da incollare in Cursor, Claude e Copilot.

Sonde attive
127
test eseguiti in questa categoria
modules
48
controlli dedicati a sonde attive
ogni scansione
487+
test su tutte le categorie
  • Gratis — senza carta di credito, senza installazione, senza ping su Slack
  • Incolla un URL — pensiamo noi a crawl, sonde e report
  • Risultati classificati in base alla gravità, deduplicati solo per segnalare
  • AI-ready prompts where code applies, plus operator steps for DNS/provider fixes
Esegui una scansione gratuita

// latest checks · practical fixes · ship with confidence

Liferay Portal Template RCE Advisory — Vulnerabilità in primo piano | FixVibe · FixVibe