8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-3072

GHSA ID

GHSA-527r-mfmj-prqf

EPSS Score

0.70846%

CWE

CWE-89

Published

5/14/2022

Updated

2/13/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-3072

CVE-2016-3072: Katello SQL Injection vulnerabilities

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-3072

GHSA ID

GHSA-527r-mfmj-prqf

EPSS Score

0.70846%

CWE

CWE-89

Published

5/14/2022

Updated

2/13/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
katello	rubygems	< 2.4.3	2.4.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Multipl* SQL inj**tion vuln*r**iliti*s in t** s*op**_s**r** *un*tion in *pp/*ontroll*rs/k*t*llo/*pi/v*/*pi_*ontroll*r.r* in K*t*llo *llow r*mot* *ut**nti**t** us*rs to *x**ut* *r*itr*ry SQL *omm*n*s vi* t** (*) sort_*y or (*) sort_or**r p*r*m*t*r.

Reasoning

No *n*lysis *v*il**l*

8.8

Basic Information

Concerned about an active attack path?

CVE-2016-3072: Katello SQL Injection vulnerabilities

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI