Описание
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0 (включая)
Одно из
cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:0.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:0.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:0.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:0.4:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:0.4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00738
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
debian
почти 12 лет назад
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow r ...
github
больше 3 лет назад
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
EPSS
Процентиль: 72%
0.00738
Низкий
7.5 High
CVSS2
Дефекты
CWE-89