exploitDog

GHSA-h3r2-9qhv-2vw2

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

Ссылки

EPSS

Процентиль: 98%

0.54161

Средний

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2013-2050

redhat

около 12 лет назад

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

CVE-2013-2050

nvd

около 12 лет назад

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

EPSS

Процентиль: 98%

0.54161

Средний

CVE ID

Дефекты

CWE-89