SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:42
Type | Values Removed | Values Added |
---|---|---|
Summary | SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. | |
References |
|
02 Feb 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2013-2050 CloudForms Management Engine 2: miq_policy/explorer SQL injection | |
References |
|
Information
Published : 2014-01-11 01:55
Updated : 2023-12-10 11:16
NVD link : CVE-2013-2050
Mitre link : CVE-2013-2050
CVE.ORG link : CVE-2013-2050
JSON object : View
Products Affected
redhat
- manageiq_enterprise_virtualization_manager
- cloudforms_management_engine
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')