This module uses an unauthenticated java deserialization vulnerability via JSONWS in Liferay Portal to upload and execute a java class file to gain arbitrary code execution on the affected system. CVE Link CVE-2020-7961 Exploit Platform Windows Linux Exploit Type Exploits Remote Product Name Impact