CVE-2013-2050

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

Published: Jan 11, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-2050
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
redhat / cloudforms_management_engine	5.1	5.1.x
redhat / manageiq_enterprise_virtualization_manager	-	5.0.x

http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt
http://secunia.com/advisories/56181
http://www.securityfocus.com/bid/64524
https://bugzilla.redhat.com/show_bug.cgi?id=959062
https://exchange.xforce.ibmcloud.com/vulnerabilities/89984

Vulnerability Database

289,599

CVE-2013-2050