Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
Advisories for Maven/Com.liferay.portal/Portal-Service package
2022