The host is installed with Ruby on Rails before 2.3.13 or 3.0.x before 3.0.10 or 3.1.x before 3.1.0.rc5 and is prone to multiple SQL injection vulnerabilities. The flaws are present in the application which fail to properly handle a crafted column name. Successful exploitation allows remote attackers to inject arbitrary SQL into a query.