Vulnerability Details CVE-2012-5648
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/show/osvdb/88618
- http://osvdb.org/show/osvdb/88623
- http://seclists.org/oss-sec/2012/q4/499
- http://secunia.com/advisories/51557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80793
- https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
- http://osvdb.org/show/osvdb/88618
- http://osvdb.org/show/osvdb/88623
- http://seclists.org/oss-sec/2012/q4/499
- http://secunia.com/advisories/51557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80793
- https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
Products affected by CVE-2012-5648
-
cpe:2.3:a:theforeman:foreman:-
-
cpe:2.3:a:theforeman:foreman:0.1
-
cpe:2.3:a:theforeman:foreman:0.2
-
cpe:2.3:a:theforeman:foreman:0.3
-
cpe:2.3:a:theforeman:foreman:0.4
-
cpe:2.3:a:theforeman:foreman:0.4.1
-
cpe:2.3:a:theforeman:foreman:0.4.2
-
cpe:2.3:a:theforeman:foreman:1.0