Amos Benari

**Name of the Vulnerable Software and Affected Versions** Foreman versions prior to 1.0.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism. **Recommendations** For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the search mechanism in app/models/hostext/search.rb and app/models/puppetclass.rb until a patch is available. Avoid using unspecified parameters in these models to minimize the risk of exploitation.