This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
c5c9607b201bbed12138b9c01832cadc3f0585df9c929779954f3b1deff22316
Red Hat Security Advisory 2013-0995-01 - A flaw was found in the create method of the Foreman Bookmarks controller. A user with privileges to create a bookmark could use this flaw to execute arbitrary code with the privileges of the user running Foreman, giving them control of the system running Foreman and all systems managed by Foreman.
a6ea90b4ec301210ea27cf545a21cf478f09de9e3ff6fc69ffd8f53ff3497b99