CVE-2013-2121

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

Published: Jul 31, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2121
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
theforeman / foreman	-	1.2.0.x
redhat / openstack	3.0	3.0.x
theforeman / foreman	1.1	1.1.x

http://projects.theforeman.org/issues/2631
http://rhn.redhat.com/errata/RHSA-2013-0995.html
http://www.exploit-db.com/exploits/27045
https://bugzilla.redhat.com/show_bug.cgi?id=966804
https://groups.google.com/forum/#%21topic/foreman-users/6WpO_3ugiXU

Vulnerability Database

289,599

CVE-2013-2121