Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman prior to 1.10.4 and 1.11.x prior to 1.11.2 allows remote malicious users to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
theforeman foreman 1.11.0 |
||
theforeman foreman 1.11.1 |
||
theforeman foreman 1.10.3 |