Description

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Remediation

References

http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and

http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html

http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload

https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E

https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710

https://www.exploit-db.com/exploits/39643/

Related Vulnerabilities

CVE-2023-27848 Vulnerability in npm package broccoli-compass

CVE-2023-45134 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2016-8749 Vulnerability in maven package org.apache.camel:camel-jacksonxml

CVE-2020-7681 Vulnerability in npm package marscode

CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone-components

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Vendor Advisory