Home page logo
/

oss-sec logo oss-sec mailing list archives

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1
From: Amos Benari <abenari () redhat com>
Date: Thu, 20 Dec 2012 05:35:59 -0500 (EST)

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 allow remote 
attackers to execute arbitrary SQL commands via multiple parameters. These issues have been assigned the identifier 
CVE-2012-5648. Source code updates are available at: 
https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
The issue is now solved in Foreman 1.0.2


  By Date           By Thread  

Current thread:
  • Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 Amos Benari (Dec 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault