[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

SQL-injection vulnerability in Ruby on Rails via crafted request

ID: oval:org.secpod.oval:def:6304Date: (C)2012-07-03   (M)2023-02-20
Class: VULNERABILITYFamily: windows




The host is installed with Ruby on Rails before 3.0.13, 3.1.x before 3.1.5 or 3.2.x before 3.2.4 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly consider differences in parameter handling between the Active Record component and the Rack interface. Successful exploitation allows attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Platform:
Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product:
Ruby on Rails
Reference:
CVE-2012-2660
CVE    1
CVE-2012-2660
CPE    1
cpe:/a:ruby_on_rails:ruby_on_rails

© SecPod Technologies