CVE advisoryCRITICAL
CVE-2022-42122
Liferay Friendly Url Module SQL Injection
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A SQL injection vulnerability in Liferay Portal and DXP allows attackers to execute arbitrary SQL commands through a crafted payload in the `title` field of a friendly URL, potentially leading to unauthorized database access or manipulation.