oss-sec mailing list archives
Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1
From: Amos Benari <abenari () redhat com>
Date: Thu, 20 Dec 2012 05:35:59 -0500 (EST)
Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 allow remote attackers to execute arbitrary SQL commands via multiple parameters. These issues have been assigned the identifier CVE-2012-5648.

Source code updates are available at:
https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db

The issue is now solved in Foreman 1.0.2.