2 matches found
GHSA-FWJ4-6WGP-MPXM Katello: Denial of Service and potential information disclosure via SQL injection
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sortby parameter of the /api/hosts/bootcimages API endpoint. This can lead to a Denial of...
SQL Injection
Overview katello is a package that adds Content and Subscription Management to Foreman Affected versions of this package are vulnerable to SQL Injection via improper sanitization of user input in the sortby parameter of the /api/hosts/bootcimages endpoint. An attacker can cause database errors or...