SQL-injection vulnerability in Ruby on Rails via crafted request
ID: oval:org.secpod.oval:def:6304 | Date: (C)2012-07-03 (M)2023-02-20 |
Class: VULNERABILITY | Family: windows |
The host is installed with Ruby on Rails before 3.0.13, 3.1.x before 3.1.5 or 3.2.x before 3.2.4 and is prone to a SQL-injection vulnerability. The flaw is that the application fails to properly account for differences in parameter handling between the Active Record component and the Rack interface. Successful exploitation allows attackers to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Vista |
Microsoft Windows XP |