Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.
History
12 Feb 2023, 23:20
Type | Values Removed | Values Added |
---|---|---|
Summary | Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. |
02 Feb 2023, 21:16
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that the “variant” parameter in the TFTP API of Foreman was passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user. | |
Information
Published : 2016-05-20 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-3728
Mitre link : CVE-2016-3728
CVE.ORG link : CVE-2016-3728
Products Affected
theforeman
- foreman
CWE
CWE-284
Improper Access Control