CVE-2016-0710
HIGH 8.8 | EPSS 79.2%
Apache Jetspeed vulnerable to SQL Injection
Published: 2022/5/17 | Modified: 2025/4/14
Description
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
Affected packages (1)
- Maven/org.apache.portals.jetspeed-2:jetspeed from 0, < 2.3.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-0710
- WEB http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
- WEB http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
- WEB https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E
- WEB https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%[email protected]%3E
- WEB https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
- WEB https://www.exploit-db.com/exploits/39643
- WEB http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload