Lucene search

[email protected]CVE-2008-4094

HistorySep 30, 2008 - 5:22 p.m.

CVE-2008-4094

2008-09-3017:22:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-4094

sql injection

ruby on rails

remote attackers

activerecord

activesupport

activeresource

actionpack

actionmailer

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Affected configurations

NVD

Node

rubyonrailsrailsMatch0.9.1

rubyonrailsrailsMatch0.9.2

rubyonrailsrailsMatch0.9.3

rubyonrailsrailsMatch0.9.4

rubyonrailsrailsMatch0.9.4.1

rubyonrailsrailsMatch0.10.0

rubyonrailsrailsMatch0.10.1

rubyonrailsrailsMatch0.11.0

rubyonrailsrailsMatch0.11.1

rubyonrailsrailsMatch0.12.0

rubyonrailsrailsMatch0.12.1

rubyonrailsrailsMatch0.13.0

rubyonrailsrailsMatch0.13.1

rubyonrailsrailsMatch0.14.1

rubyonrailsrailsMatch0.14.2

rubyonrailsrailsMatch0.14.3

rubyonrailsrailsMatch0.14.4

rubyonrailsrailsMatch1.0.0

rubyonrailsrailsMatch1.1.0

rubyonrailsrailsMatch1.1.1

rubyonrailsrailsMatch1.1.2

rubyonrailsrailsMatch1.1.3

rubyonrailsrailsMatch1.1.4

rubyonrailsrailsMatch1.1.5

rubyonrailsrailsMatch1.1.6

rubyonrailsrailsMatch1.2.0

rubyonrailsrailsMatch1.2.1

rubyonrailsrailsMatch1.2.2

rubyonrailsrailsMatch1.2.3

rubyonrailsrailsMatch1.2.4

rubyonrailsrailsMatch1.2.5

rubyonrailsrailsMatch1.2.6

rubyonrailsrailsMatch1.9.5

rubyonrailsrailsMatch2.0.0

rubyonrailsrailsMatch2.0.0rc1

rubyonrailsrailsMatch2.0.0rc2

rubyonrailsrailsMatch2.0.1

rubyonrailsrailsMatch2.0.2

rubyonrailsrailsMatch2.0.4

rubyonrailsrailsMatch2.1.0

rubyonrailsruby_on_railsRange≤2.1.0

rubyonrailsruby_on_railsMatch0.5.0

rubyonrailsruby_on_railsMatch0.5.5

rubyonrailsruby_on_railsMatch0.5.6

rubyonrailsruby_on_railsMatch0.5.7

rubyonrailsruby_on_railsMatch0.6.0

rubyonrailsruby_on_railsMatch0.6.5

rubyonrailsruby_on_railsMatch0.7.0

rubyonrailsruby_on_railsMatch0.8.0

rubyonrailsruby_on_railsMatch0.8.5

rubyonrailsruby_on_railsMatch0.9.0

CPENameOperatorVersion
rubyonrails:railsrubyonrails railseq0.9.1
rubyonrails:railsrubyonrails railseq0.9.2
rubyonrails:railsrubyonrails railseq0.9.3
rubyonrails:railsrubyonrails railseq0.9.4
rubyonrails:railsrubyonrails railseq0.9.4.1
rubyonrails:railsrubyonrails railseq0.10.0
rubyonrails:railsrubyonrails railseq0.10.1
rubyonrails:railsrubyonrails railseq0.11.0
rubyonrails:railsrubyonrails railseq0.11.1
rubyonrails:railsrubyonrails railseq0.12.0

CPE	Name	Operator	Version
rubyonrails:rails	rubyonrails rails	eq	0.9.1
rubyonrails:rails	rubyonrails rails	eq	0.9.2
rubyonrails:rails	rubyonrails rails	eq	0.9.3
rubyonrails:rails	rubyonrails rails	eq	0.9.4
rubyonrails:rails	rubyonrails rails	eq	0.9.4.1
rubyonrails:rails	rubyonrails rails	eq	0.10.0
rubyonrails:rails	rubyonrails rails	eq	0.10.1
rubyonrails:rails	rubyonrails rails	eq	0.11.0
rubyonrails:rails	rubyonrails rails	eq	0.11.1
rubyonrails:rails	rubyonrails rails	eq	0.12.0