If you are logged in to a vulnerable system, then you are only one click away from getting your session stolen. Just a question: have you clicked a shortened url recently?
The following example shows how a malicious user could compromise your server. This example requires a user to be logged in, but in other cases no login is required to run arbitrary code with the rights of the operating system user behind your portal instance. If you would like to secure your system, contact us.
Most of the Liferay instances are still vulnerable in this case. If you follow the steps detailed below, maybe you could also conclude, that this vulnerability is still present in your system. You should not let unauthenticated users to gain access to your private data.