Lucene search
FreeBSD8E8B8B94-7F1D-11DD-A66A-0019666436C2HistorySep 08, 2008 - 12:00 a.m.
rubygem-rails -- SQL injection vulnerability
2008-09-0800:00:00
vuxml.freebsd.org
19
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.4%
Jonathan Weiss reports, that it is possible
to perform an SQL injection in Rails applications
via not correctly sanitized :limit and :offset
parameters. It is possible to change arbitrary
values in affected tables or gain access to the
sensitive data.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | rubygem-rails | < 2.2.2 | UNKNOWN |
Related
nessus
nessus
fedora
fedora
[SECURITY] Fedora 9 Update: rubygems-1.2.0-2.fc9
2008-09-28 18:38:43
[SECURITY] Fedora 8 Update: rubygem-activesupport-2.1.1-1.fc8
2008-10-16 02:02:15
[SECURITY] Fedora 8 Update: rubygem-actionpack-2.1.1-1.fc8
2008-10-16 02:02:15
openvas
openvas
Fedora Update for rubygem-activeresource FEDORA-2008-8282
2009-02-17 00:00:00
Fedora Update for rubygem-rails FEDORA-2008-8282
2009-02-17 00:00:00
Fedora Update for rubygems FEDORA-2008-8282
2009-02-17 00:00:00
github
github
Rails ActiveRecord gem vulnerable to SQL injection
2017-10-24 18:33:38
debiancve
debiancve
CVE-2008-4094
2008-09-30 17:22:00
cve
cve
CVE-2008-4094
2008-09-30 17:22:00
ubuntucve
ubuntucve
CVE-2008-4094
2008-09-30 00:00:00
prion
prion
Sql injection
2008-09-30 17:22:00
osv
osv
Rails ActiveRecord gem vulnerable to SQL injection
2017-10-24 18:33:38
gitlab
gitlab
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2009-12-20 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
59.4%
Related for 8E8B8B94-7F1D-11DD-A66A-0019666436C2