Published: 31/07/2013 Updated: 13/02/2023

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 605

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman prior to 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

Vulnerable Product	Search on Vulmon	Subscribe to Product
theforeman foreman
redhat openstack 3.0
theforeman foreman 1.1

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient ...

CWE-94 https://bugzilla.redhat.com/show_bug.cgi?id=966804 http://rhn.redhat.com/errata/RHSA-2013-0995.html http://projects.theforeman.org/issues/2631 http://www.exploit-db.com/exploits/27045 https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU https://nvd.nist.gov https://www.exploit-db.com/exploits/27045/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-2121

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect