Multiple SQL injection vulnerabilities in the ActiveRecord adapters in Ruby on Rails
ID: oval:org.secpod.oval:def:2496 | Date: (C)2011-10-04 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with Ruby on Rails before 2.3.13 or 3.0.x before 3.0.10 or 3.1.x before 3.1.0.rc5 and is prone to multiple SQL injection vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted column name. Successful exploitation allows remote attackers to inject arbitrary SQL into a query.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Microsoft Windows XP |