### [CVE-2023-0118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0118)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.11%20for%20RHEL%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.11%20for%20RHEL%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.12%20for%20RHEL%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.13%20for%20RHEL%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Satellite%206.14%20for%20RHEL%208&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen)

### Description

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds