Full title: Liferay Portal Java Unmarshalling Remote Code Execution Exploit 
Category: remote exploits
Platform: java
This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.

# 0day.today @ http://0day.today/