CVEs-PoC/2016/CVE-2016-0710.md at ef999830cefac409bd2be04bf317a47573d9dfe5

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

POC

Reference

http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
https://www.exploit-db.com/exploits/39643/
https://www.exploit-db.com/exploits/39643/

Github

https://github.com/ARPSyndicate/cvemon

1.1 KiB Raw Blame History

CVE-2016-0710

Description

POC

Reference

Github

1.1 KiB

Raw Blame History