Description

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Remediation

References

http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and

http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html

http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload

https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E

https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710

https://www.exploit-db.com/exploits/39643/

Related Vulnerabilities

CVE-2022-45935 Vulnerability in maven package org.apache.james:apache-james-mailbox-store

CVE-2023-24454 Vulnerability in maven package org.jenkins-ci.plugins:testquality-updater

CVE-2016-10540 Vulnerability in maven package org.webjars.npm:minimatch

CVE-2018-3721 Vulnerability in maven package org.webjars:lodash

CVE-2021-23425 Vulnerability in npm package trim-off-newlines

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory