Sql injection

2013-11-2014:12:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.4%

JSON

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

CPENameOperatorVersion
openstackeq3.0
foremaneq1.2.1
foremaneq1.2.0 rc1
foremaneq1.2.0
foremanle1.2.2
foremaneq1.2.0 rc2

Name	Operator	Version
openstack	eq	3.0
foreman	eq	1.2.1
foreman	eq	1.2.0 rc1
foreman	eq	1.2.0
foreman	le	1.2.2
foreman	eq	1.2.0 rc2

References

projects.theforeman.org/issues/3160

rhn.redhat.com/errata/RHSA-2013-1522.html

groups.google.com/forum/