Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-5648
Last Modified: 08 May 2014 02:42:04
Published: 04 Apr 2014 10:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5648

Summary

Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.

Vulnerable Systems

Application

  • Theforeman Foreman 0.1

  • Theforeman Foreman 0.2

  • Theforeman Foreman 0.3

  • Theforeman Foreman 0.4

  • Theforeman Foreman 0.4.1

  • Theforeman Foreman 1.0

  • Theforeman Foreman 1.0.1


References

CONFIRM - https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db

XF - foreman-multiple-sql-injection(80793)

SECUNIA - 51557

MLIST - [oss-security] 20121220 Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1

OSVDB - 88623

OSVDB - 88618


Last Updated: 27 May 2016 11:05:12