Unrated severityNVD Advisory· Published Jan 11, 2014· Updated Apr 29, 2026

CVE-2013-2050

Description

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.

Affected products

Red Hat/Cloudforms Management Engine
cpe:2.3:a:redhat:cloudforms_management_engine:5.1:*:*:*:*:*:*:*
Red Hat/Manageiq Enterprise Virtualization Manager
cpe:2.3:a:redhat:manageiq_enterprise_virtualization_manager:*:*:*:*:*:*:*:*
Range: <=5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txtnvdExploit
www.securityfocus.com/bid/64524nvdExploit
secunia.com/advisories/56181nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/89984nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.043
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000