CVE-2013-2121 Information

Description

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

Reference

http://projects.theforeman.org/issues/2631 http://rhn.redhat.com/errata/RHSA-2013-0995.html http://www.exploit-db.com/exploits/27045 https://bugzilla.redhat.com/show_bug.cgi?id=966804 https://groups.google.com/forum/!topic/foreman-users/6WpO_3ugiXU