Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed prior to 2.3.1 allow remote malicious users to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache jetspeed |