Description
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
Remediation
Upgrade to Apache Jetspeed 2.3.1 or later, the release that addresses CVE-2016-0710 according to the Apache security report referenced below.
References
http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload
http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
https://www.exploit-db.com/exploits/39643/
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E