What is CVE-2021-33990?

CVE-2021-33990 is a vulnerability in N/a. Published 2023-04-16.

Is CVE-2021-33990 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-33990

Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not de…

EPSS: 0.611 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection

References

github.com/fu2x2000/Liferay_exploit_Poc
packetstormsecurity.com/files/171701/Liferay-Portal-6.2.5-Insecure-Permissions…

Frequently asked questions

What is CVE-2021-33990?: CVE-2021-33990 is a vulnerability in N/a. Published 2023-04-16.
Is CVE-2021-33990 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.