CVE-2016-0710
HIGH 8.8
EPSS 79.2%
Apache Jetspeed vulnerable to SQL Injection
Published: 5/17/2022
Modified: 4/14/2025
Description
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
Affected packages (1)
- Maven/org.apache.portals.jetspeed-2:jetspeed from 0, < 2.3.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-0710
- WEB http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
- WEB http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
- WEB https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E
- WEB https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%[email protected]%3E
- WEB https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
- WEB https://www.exploit-db.com/exploits/39643
- WEB http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload