CVE-2012-5648
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
04/04/2014
Last modified:
12/04/2025
Description
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:theforeman:foreman:*:*:*:*:*:*:*:* | 1.0 (including) | |
| cpe:2.3:a:theforeman:foreman:0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:theforeman:foreman:0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:theforeman:foreman:0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:theforeman:foreman:0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:theforeman:foreman:0.4.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/show/osvdb/88618
- http://osvdb.org/show/osvdb/88623
- http://seclists.org/oss-sec/2012/q4/499
- http://secunia.com/advisories/51557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80793
- https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db
- http://osvdb.org/show/osvdb/88618
- http://osvdb.org/show/osvdb/88623
- http://seclists.org/oss-sec/2012/q4/499
- http://secunia.com/advisories/51557
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80793
- https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db