CVE-2014-0007

Foreman <1.4.5, <1.5.1 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0007. PoCs published by Lukas Zapletal.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Foreman's TFTP proxy service by injecting arbitrary commands via the 'path' parameter in a POST request. The provided curl command demonstrates the vulnerability by executing a 'touch' command to create a file.

Description

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Lukas Zapletal · textremotemultiple
https://www.exploit-db.com/exploits/39222

This exploit leverages a command injection vulnerability in Foreman's TFTP proxy service by injecting arbitrary commands via the 'path' parameter in a POST request. The provided curl command demonstrates the vulnerability by executing a 'touch' command to create a file.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Foreman (specific version not specified)
No auth needed
Prerequisites: Network access to the vulnerable Foreman instance · Foreman proxy service exposed and vulnerable
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0770.html
Patch x_refsource_confirm
http://projects.theforeman.org/issues/6086

Scores

EPSS 0.0902
EPSS Percentile 94.6%

Details

Status published
Products (6)
theforeman/foreman 1.4.0
theforeman/foreman 1.4.1
theforeman/foreman 1.4.2
theforeman/foreman 1.4.3
theforeman/foreman 1.5.0
theforeman/foreman < 1.4.4
Published Jun 20, 2014
Tracked Since Feb 18, 2026