Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-0710

CWE-89: SQL Injection | 5 documents | 5 sources
Severity: 8.8 HIGH
EPSS: 79.2% (top 0.93%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Apr 11
Latest update: May 17

Description

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

OSV: Apache Jetspeed vulnerable to SQL Injection (2022-05-17)
GHSA: Apache Jetspeed vulnerable to SQL Injection (2022-05-17)
CVEList: CVE-2016-0710: Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2 (2016-04-11)

💥 Exploits & PoCs (1)

Exploit-DB: Apache Jetspeed - Arbitrary File Upload (Metasploit) (2016-03-31)