Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.6 views

SUSE CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

8.1CVSS8.7AI score0.02264EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2017/12/29 4:29 p.m.45 views

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

8.1CVSS7.5AI score0.02264EPSS
Exploits1References2
OSV
OSV
added 2017/12/29 4:29 p.m.4 views

UBUNTU-CVE-2017-17917

DISPUTED SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...

8.1CVSS7.6AI score0.02264EPSS
Exploits1References3
NVD
NVD
added 2017/12/29 4:29 p.m.21 views

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

8.1CVSS8.6AI score0.02264EPSS
Exploits1References1
CVE
CVE
added 2017/12/29 4:0 p.m.70 views

CVE-2017-17917

Ruby on Rails SQL injection CVE-2017-17917 affects Rails 5.1.4 and earlier, via the vulnerable "+where" method using the id parameter. The underlying issue allows remote execution of arbitrary SQL commands; vendor disputes the issue due to documentation stating the method isn’t intended for untru...

8.1CVSS8.6AI score0.02264EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2017/12/29 4:0 p.m.17 views

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

8.1CVSS8.6AI score0.02264EPSS
Exploits1
Cvelist
Cvelist
added 2017/12/29 4:0 p.m.28 views

CVE-2017-17917

SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted inpu...

8.6AI score0.02264EPSS
Exploits1References1
Rows per page
Query Builder