Foreman 0.2 < 1.10.4, 1.11.x < 1.11.2 RCE Vulnerability

Foreman is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman...

CVE-2016-3728

It was found that the “variant” parameter in the TFTP API of Foreman was passed to the eval function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user...