Bug #23028
closed
CVE-2018-1096: SQL injection in dashboard controller
Added by Tomer Brisker over 6 years ago.
Updated about 6 years ago.
Description
Widget id is not properly escaped for save_positions action on the dashboard, leading to SQL injection possibility.
This only allows injecting conditions to the select conditions, as it is a prepared query it does not allow executing additional commands.
It is only available to authenticated users.
This issue was reported by Martin Povolný from Red Hat.
- Description updated (diff)
- Related to Refactor #8106: Save dashboard widgets in DB to increase flexibility added
- Subject changed from SQL injection in dashboard controller to CVE-2018-1096: SQL injection in dashboard controller
- Private changed from Yes to No
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5363 added
- Translation missing: en.field_release set to 332
- Pull request https://github.com/theforeman/foreman/pull/5364 added
- Pull request https://github.com/theforeman/foreman/pull/5365 added
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by