GHSA-88f6-79x2-xqf3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-88f6-79x2-xqf3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-88f6-79x2-xqf3/GHSA-88f6-79x2-xqf3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-88f6-79x2-xqf3
- Aliases
-
- CVE-2016-0710
- Published
- 2022-05-17T03:56:49Z
- Modified
- 2025-04-14T21:12:17.288777Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Apache Jetspeed vulnerable to SQL Injection
- Details
-
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
- Database specific
{ "nvd_published_at": "2016-04-11T14:59:00Z", "cwe_ids": [ "CWE-89" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2025-04-14T20:40:29Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-0710
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4@bluesunrise.com%3E
- https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
- https://www.exploit-db.com/exploits/39643
- http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
- http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
- http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload
Affected packages
Maven / org.apache.portals.jetspeed-2:jetspeed
Package
- Name
- org.apache.portals.jetspeed-2:jetspeed
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.portals.jetspeed-2/jetspeed