Foreman · Foreman · CVE-2018-1096
**Name of the Vulnerable Software and Affected Versions**
Foreman versions prior to 1.16.1
**Description**
An input sanitization flaw was found in the `id` field in the dashboard controller. This flaw could be used to perform an SQL injection attack on the back end database.
**Recommendations**
For versions prior to 1.16.1, update to version 1.16.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the dashboard controller to minimize the risk of exploitation. Avoid using the `id` field in the dashboard controller until the issue is resolved.