Jan Rusnacko of the Red Hat Product Security Team reports: The ReportController action saved_report_delete fails to sanitize user input. By passing an array, user-supplied data can be sent directly to MiqReportResult.exists?, which is then used to construct an SQL query that is executed.
Acknowledgements: This issue was discovered by Jan Rusnacko of the Red Hat Product Security Team.
This issue has been addressed in the following products:

  CloudForms Management Engine 5.x

Via RHSA-2014:0469 https://rhn.redhat.com/errata/RHSA-2014-0469.html
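
One way to guard a lookup of this kind, as an added example (not the CloudForms fix and not code from the product): ActiveRecord's `exists?` treats an Array argument as find-style conditions, so the guard below lets only a scalar decimal id through. The `params[:id]` key, `scalar_record_id`, `guarded_exists?` and the `FakeReportResult` stand-in are assumptions made for illustration.

```ruby
# Added example: strict scalar-id check in front of an exists?-style lookup.
# FakeReportResult is a constructed stand-in, not the CloudForms model.

class InvalidIdError < ArgumentError; end

# Accept only a plain positive decimal id; reject Array, Hash, nil and
# strings that contain anything other than digits.
def scalar_record_id(raw)
  case raw
  when Integer
    raise InvalidIdError, "id must be positive" unless raw.positive?
    raw
  when String
    raise InvalidIdError, "id must be decimal digits" unless raw.match?(/\A[0-9]{1,18}\z/)
    id = raw.to_i
    raise InvalidIdError, "id must be positive" unless id.positive?
    id
  else
    raise InvalidIdError, "id must be a scalar, got #{raw.class}"
  end
end

# Constructed stand-in that records the class of every argument reaching exists?.
class FakeReportResult
  attr_reader :seen

  def initialize(ids)
    @ids = ids
    @seen = []
  end

  def exists?(arg)
    @seen << arg.class
    arg.is_a?(Integer) && @ids.include?(arg)
  end
end

# Guarded lookup: only an Integer is ever handed to the model (hypothetical helper).
def guarded_exists?(model, params)
  model.exists?(scalar_record_id(params[:id]))
rescue InvalidIdError
  false
end

# Constructed request parameters, shaped as Rails parses them.
SAMPLE_PARAMS = [
  { id: "42" },                      # id=42
  { id: ["constructed fragment"] },  # id[]=...  parsed into an Array
  { id: { "k" => "v" } },            # id[k]=v   parsed into a Hash
  { id: "42 " }                      # digits followed by other characters
].freeze
```

Only the first sample reaches the model; the Array and Hash forms are rejected before any query is built.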