CVE-2012-5648

Published: Apr 4, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20121220 Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1

mailing-list

x_refsource_MLIST

51557

third-party-advisory

x_refsource_SECUNIA

foreman-multiple-sql-injection(80793)

vdb-entry

x_refsource_XF

https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db

x_refsource_CONFIRM

88623

vdb-entry

x_refsource_OSVDB

88618

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-5648

Description

Affected Products

References