Aaron Patterson of Red Hat reports:
If the REST API is going to support a filter, that should be converted to an
ActiveRecord where clause - where it should be safer. In general, it would be
good to understand why we offer SQL filters on the REST API because I do not
think they should be exposed.
This issue was discovered by the Red Hat CloudForms Team.
This issue has been addressed in the following products:
CloudForms Management Engine 5.3
Via RHSA-2015:0028 https://rhn.redhat.com/errata/RHSA-2015-0028.html