CVE-2016-3072
Katello: Authenticated sql injection via sort_by and sort_order request parameter
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
Múltiples vulnerabilidades de inyección SQL en la función scoped_search en app/controllers/katello/api/v2/api_controller.rb en Katello permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de parámetro (1) sort_by o (2) sort_order.
An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-03-10 CVE Reserved
- 2016-05-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Katello/katello/pull/6051 | 2023-02-12 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2016:1083 | 2023-02-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1322050 | 2016-05-16 | |
| https://access.redhat.com/security/cve/CVE-2016-3072 | 2016-05-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 6.1 Search vendor "Redhat" for product "Satellite" and version "6.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 6.1 Search vendor "Redhat" for product "Satellite" and version "6.1" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
| Katello Search vendor "Katello" | Katello Search vendor "Katello" for product "Katello" | - | - |
Affected
| ||||||