NVD

Id
46749  
Name
CVE-2012-5648  
Description
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-04-04  
Modified Date
2014-05-08  
Seq
2012-5648  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
234214 46749 CVE-2012-5648 [oss-security] 20121220 Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1  View
234215 46749 CVE-2012-5648 foreman-multiple-sql-injection(80793)  View
234216 46749 CVE-2012-5648 https://github.com/theforeman/foreman/commit/387b764b614170f23b3552aca498612e341652db  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
30460 JVNDB-2012-006168 Foreman における SQL インジェクションの脆弱性 Foreman には、検索メカニズムに関する処理に不備があるため、SQL インジェクションの脆弱性が存在します。 CVE-2012-5648 58886 CVE-2012-5648 46749 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-006168.html 2012-12-19 2014-04-07 View