Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
References
Configurations
History
07 Nov 2023, 02:29
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2016-04-11 14:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-0710
Mitre link : CVE-2016-0710
CVE.ORG link : CVE-2016-0710
JSON object : View
Products Affected
apache
- jetspeed
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')