SQL-injection vulnerability in Ruby on Rails via crafted request (Mac OS)
ID: oval:org.secpod.oval:def:6308 | Date: (C)2012-07-03 (M)2023-02-20 | Class: VULNERABILITY | Family: macos
The host is installed with Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, or 3.2.x before 3.2.4 and is prone to a SQL-injection vulnerability. The flaw is in the application, which fails to properly consider differences in parameter handling between the Active Record component and the Rack interface. Successful exploitation allows attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Platform:
Apple Mac OS X 10.8
Apple Mac OS X Server 10.8
Apple Mac OS X 10.9
Apple Mac OS X Server 10.9
Apple Mac OS X 10.10
Apple Mac OS X Server 10.10