Description
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
References (6)
Core 6
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2012/q4/499
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51557
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80793
Patch x_refsource_confirm
https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/88623
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/88618
Scores
EPSS
0.0212
EPSS Percentile
79.5%
Details
CWE
CWE-89
Status
published
Products (6)
theforeman/foreman
0.1
theforeman/foreman
0.2
theforeman/foreman
0.3
theforeman/foreman
0.4
theforeman/foreman
0.4.1
theforeman/foreman
< 1.0
Published
Apr 04, 2014
Tracked Since
Feb 18, 2026