CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to
the limit function specify integer values, which makes it easier
for remote attackers to conduct SQL injection attacks via a
non-numeric argument.
Vendor | Product | Version | CPE |
---|---|---|---|
ruby | activerecord | * | cpe:2.3:a:ruby:activerecord:*:*:*:*:*:*:*:* |