4 matches found
Katello SQL Injection vulnerabilities
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter...
GHSA-527R-MFMJ-PRQF Katello SQL Injection vulnerabilities
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter...
Katello SQL Injection vulnerabilities
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter...
CVE-2016-3072
CVE-2016-3072 is evidenced by multiple sources describing SQL injection in Katello’s API (scoped_search in app/controllers/katello/api/v2/api_controller.rb) allowing authenticated remote users to inject SQL via sort_by or sort_order. Connected advisories (GHSA-527R-MFMJ-PRQF, GHSA-JX5V-788G-QW58)...