Description

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Remediation

References

http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and

http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html

http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload

https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E

https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710

https://www.exploit-db.com/exploits/39643/

Related Vulnerabilities

CVE-2023-32997 Vulnerability in maven package org.jenkins-ci.plugins:cas-plugin

CVE-2023-49276 Vulnerability in npm package uptime-kuma

CVE-2023-26118 Vulnerability in npm package angular

CVE-2021-3137 Vulnerability in maven package org.xwiki.commons:xwiki-commons

CVE-2022-41233 Vulnerability in maven package org.jenkins-ci.plugins:rundeck

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory