James Laska (jlaska) reports: While filing an upstream bug regarding CFME not sanitizing user-input, I discovered it is possible to remotely inject ruby code.
Acknowledgements: This issue was discovered by James Laska of Red Hat.
This issue has been addressed in following products: Via RHSA-2013:1157 https://rhn.redhat.com/errata/RHSA-2013-1157.html