CVE-2008-7309

2012-04-0422:00:00

mitre

www.cve.org

insoshi

vulnerability

forumpost

mass assignment

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

60.9%

JSON

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a “mass assignment” vulnerability.

References

blog.mhartl.com/2008/09/21/finding-and-fixing-mass-assignment-problems-in-rails-applications/

railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment