The host is installed with Ruby on Rails before 3.0.13, 3.1.x before 3.1.5 or 3.2.x before 3.2.4 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly consider differences in parameter handling between the Active Record component and the Rack interface. Successful exploitation allows attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.