3 matches found
CVE-2008-6954
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
Code injection
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
CVE-2008-6954
CVE-2008-6954 affects CobblerWeb in Cobbler before 1.2.9, where the Cheetah template engine can execute Python statements embedded in kickstart templates. This enables remote authenticated users to run arbitrary Python code in cobblerd, effectively compromising the server. The vulnerability stems...