CVE-2018-1096

CWE-89SQL Injection5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 45.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Theforeman ForemanForeman Project ForemanRedhat Satellite
Timeline
PublishedApr 5
Latest updateMay 13

Description

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDtheforeman/foreman< 1.16.1
CVEListV5foreman_project/foremanbefore 1.16.1

🔴Vulnerability Details

2
GHSA
GHSA-q2gj-47jq-58pr: An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 12022-05-13
CVEList
CVE-2018-1096: An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 12018-04-05

📋Vendor Advisories

1
Red Hat
foreman: SQL injection due to improper handling of the widget id parameter2018-03-28

💬Community

1
Bugzilla
CVE-2018-1096 foreman: SQL injection due to improper handling of the widget id parameter2018-03-27