CVE-2008-4094

Published: 2008-09-30T13:22:09.147-04:00
Last modified: 2019-08-08T10:43:53.293-04:00

CVSS base score: 7.5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Source: http://nvd.nist.gov

Summary:
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

References:
SECTRACK 1020871
BID 31176
SECUNIA 31875
SECUNIA 31909
SECUNIA 31910
VUPEN ADV-2008-2562
SUSE SUSE-SR:2008:027
MLIST [oss-security] 20080913 CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection
MLIST [oss-security] 20080915 Re: CVE request: Ruby on Rails <2.1.1 :limit and :offset SQL injection
MISC http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
CONFIRM http://gist.github.com/8946
CONFIRM http://rails.lighthouseapp.com/projects/8994/tickets/288
CONFIRM http://rails.lighthouseapp.com/projects/8994/tickets/964
MISC http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
XF rubyonrails-activerecord-sql-injection(45109)

Vulnerable software (CPE):
cpe:/a:rubyonrails:rails:0.9.1
cpe:/a:rubyonrails:rails:0.9.2
cpe:/a:rubyonrails:rails:0.9.3
cpe:/a:rubyonrails:rails:0.9.4
cpe:/a:rubyonrails:rails:0.9.4.1
cpe:/a:rubyonrails:rails:0.10.0
cpe:/a:rubyonrails:rails:0.10.1
cpe:/a:rubyonrails:rails:0.11.0
cpe:/a:rubyonrails:rails:0.11.1
cpe:/a:rubyonrails:rails:0.12.0
cpe:/a:rubyonrails:rails:0.12.1
cpe:/a:rubyonrails:rails:0.13.0
cpe:/a:rubyonrails:rails:0.13.1
cpe:/a:rubyonrails:rails:0.14.1
cpe:/a:rubyonrails:rails:0.14.2
cpe:/a:rubyonrails:rails:0.14.3
cpe:/a:rubyonrails:rails:0.14.4
cpe:/a:rubyonrails:rails:1.0.0
cpe:/a:rubyonrails:rails:1.1.0
cpe:/a:rubyonrails:rails:1.1.1
cpe:/a:rubyonrails:rails:1.1.2
cpe:/a:rubyonrails:rails:1.1.3
cpe:/a:rubyonrails:rails:1.1.4
cpe:/a:rubyonrails:rails:1.1.5
cpe:/a:rubyonrails:rails:1.1.6
cpe:/a:rubyonrails:rails:1.2.0
cpe:/a:rubyonrails:rails:1.2.1
cpe:/a:rubyonrails:rails:1.2.2
cpe:/a:rubyonrails:rails:1.2.3
cpe:/a:rubyonrails:rails:1.2.4
cpe:/a:rubyonrails:rails:1.2.5
cpe:/a:rubyonrails:rails:1.2.6
cpe:/a:rubyonrails:rails:1.9.5
cpe:/a:rubyonrails:rails:2.0.0
cpe:/a:rubyonrails:rails:2.0.0:rc1
cpe:/a:rubyonrails:rails:2.0.0:rc2
cpe:/a:rubyonrails:rails:2.0.1
cpe:/a:rubyonrails:rails:2.0.2
cpe:/a:rubyonrails:rails:2.0.4
cpe:/a:rubyonrails:rails:2.1.0
cpe:/a:rubyonrails:ruby_on_rails:0.5.0
cpe:/a:rubyonrails:ruby_on_rails:0.5.5
cpe:/a:rubyonrails:ruby_on_rails:0.5.6
cpe:/a:rubyonrails:ruby_on_rails:0.5.7
cpe:/a:rubyonrails:ruby_on_rails:0.6.0
cpe:/a:rubyonrails:ruby_on_rails:0.6.5
cpe:/a:rubyonrails:ruby_on_rails:0.7.0
cpe:/a:rubyonrails:ruby_on_rails:0.8.0
cpe:/a:rubyonrails:ruby_on_rails:0.8.5
cpe:/a:rubyonrails:ruby_on_rails:0.9.0
cpe:/a:rubyonrails:ruby_on_rails:2.1.0