Description
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
References
- Vendor Advisory
- Third Party Advisory
- Issue Tracking, Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.16.1 (exclusive)
cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
EPSS: 0.00315 (Low)
Percentile: 54%
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 6.5
redhat
almost 8 years ago
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
CVSS3: 6.5
debian
almost 8 years ago
An input sanitization flaw was found in the id field in the dashboard ...
CVSS3: 6.5
github
more than 3 years ago
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.