
Github Security Blog · added 2017/10/24 6:33 p.m.

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 4.3 · AI score 7.2 · EPSS 0.0022
Exploits: 2 · References: 13 · Affected software: 1
OSV · added 2017/10/24 6:33 p.m.

GHSA-Q34C-48GC-M9G8 actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 4.3 · AI score 7.4 · EPSS 0.0022
Exploits: 2 · References: 13
OSV · added 2017/10/24 6:33 p.m.

GHSA-GPPP-5XC5-WFPX Active Record allows bypassing of database-query restrictions

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

CVSS 6.4 · AI score 7.5 · EPSS 0.18174
Exploits: 1 · References: 12
Github Security Blog · added 2017/10/24 6:33 p.m.

Active Record allows bypassing of database-query restrictions

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

CVSS 6.4 · AI score 7.4 · EPSS 0.18174
Exploits: 1 · References: 13 · Affected software: 1
Github Security Blog · added 2017/10/24 6:33 p.m.

actionpack allows bypass of database-query restrictions

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

CVSS 6.4 · AI score 3.7 · EPSS 0.00512
Exploits: 0 · References: 16 · Affected software: 1
OSV · added 2017/10/24 6:33 p.m.

GHSA-PR3R-4WRP-R2PV ActiveRecord in Ruby on Rails allows database-query bypass

Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

CVSS 7.5 · AI score 7.6 · EPSS 0.00381
Exploits: 2 · References: 7
Github Security Blog · added 2017/10/24 6:33 p.m.

ActiveRecord in Ruby on Rails allows database-query bypass

Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...

CVSS 7.5 · AI score 7.4 · EPSS 0.00381
Exploits: 2 · References: 8 · Affected software: 1
GitLab Advisory Database · added 2017/10/24 12:00 a.m.

Action Pack contains database-query restrictions bypass

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 2.3.16, 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to...

CVSS 6.4 · AI score 7.4 · EPSS 0.00159
Exploits: 1 · References: 8 · Affected software: 1
GitLab Advisory Database · added 2017/10/24 12:00 a.m.

actionpack allows remote attackers to bypass database-query restrictions, perform NULL checks via crafted request

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 4.3 · AI score 7.4 · EPSS 0.0022
Exploits: 2 · References: 8 · Affected software: 1
RubySec · added 2017/10/24 12:00 a.m.

Unsafe Query Generation Risk in Ruby on Rails

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 · AI score 7.1 · EPSS 0.0022
Exploits: 3 · References: 1 · Affected software: 1
RubySec · added 2017/10/24 12:00 a.m.

Unsafe Query Generation Risk in Ruby on Rails

actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 · AI score 7.1 · EPSS 0.0022
Exploits: 3 · References: 1 · Affected software: 1
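The Rails entries above all describe one mechanism: the parameter parser (Rack for query strings, the JSON parser for request bodies) can hand the application `nil` or `[nil]` where it expects a string, and Active Record's hash-style `where` turns a `nil` value into `column IS NULL` instead of an equality test. A lookup such as `User.where(reset_token: params[:token])` then matches every row whose token column is empty. The following Ruby example is added here and is not Rails or Rack code; it uses a deliberately small stand-in for Rack's nested-query parsing and for Active Record's condition expansion (both simplified, assumption) so that it runs with only the standard library, and it shows the same lookup before and after an application-level type check.

```ruby
require 'json'
require 'cgi'

# Simplified model of Rack's nested-query parsing (assumption: only the
# plain "key=value" and "key[]=value" shapes are handled). The two cases
# that matter for the advisories: "token" with no "=" yields nil, and
# "token[]" with no "=" yields [nil].
def parse_query(qs)
  qs.to_s.split('&').each_with_object({}) do |pair, params|
    k, v = pair.split('=', 2)
    k = CGI.unescape(k.to_s)
    v = CGI.unescape(v) unless v.nil?
    if k.end_with?('[]')
      (params[k[0...-2]] ||= []) << v
    else
      params[k] = v
    end
  end
end

def quote(v)
  "'#{v.to_s.gsub("'", "''")}'"
end

# Simplified model of Active Record's hash-condition expansion (assumption,
# not AR's own code): String -> equality, nil -> IS NULL, Array -> IN (...)
# with any nil member turning into an extra IS NULL branch.
def predicate(column, value)
  case value
  when nil
    "#{column} IS NULL"
  when Array
    nils, rest = value.partition(&:nil?)
    parts = []
    parts << "#{column} IN (#{rest.map { |v| quote(v) }.join(', ')})" unless rest.empty?
    parts << "#{column} IS NULL" unless nils.empty?
    parts.empty? ? '1=0' : parts.join(' OR ')
  else
    "#{column} = #{quote(value)}"
  end
end

def where_sql(conditions)
  'SELECT * FROM users WHERE ' + conditions.map { |c, v| predicate(c, v) }.join(' AND ')
end

# Vulnerable pattern: the parameter is passed straight into the condition hash.
# A request for "?token[]" or a JSON body of {"token": null} produces
# "reset_token IS NULL" and matches every user with no pending reset.
def find_by_reset_token_sql(params)
  where_sql('reset_token' => params['token'])
end

# Hardened pattern: insist on the shape you expect before building the query.
# A type check at the application boundary holds regardless of which parser
# shape the framework has or has not learned to munge yet.
def safe_find_by_reset_token_sql(params)
  token = params['token']
  unless token.is_a?(String) && !token.empty?
    raise ArgumentError, 'token must be a non-empty string'
  end
  where_sql('reset_token' => token)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests, not captured traffic.
  puts find_by_reset_token_sql(parse_query('token=abc123'))
  puts find_by_reset_token_sql(parse_query('token[]'))            # IS NULL
  puts find_by_reset_token_sql(JSON.parse('{"token": null}'))    # IS NULL
  begin
    safe_find_by_reset_token_sql(parse_query('token[]'))
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The framework-side fixes listed above closed one parser shape at a time (the Rack `[]` form, then the JSON `null` and `[null]` forms, then further cases through 4.2.7.1), which is why the same description recurs across four years of advisories; a check that the parameter is a non-empty string, as in `safe_find_by_reset_token_sql`, does not depend on that history.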
CNVD · added 2017/10/20 12:00 a.m.

WordPress InLinks Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's blogging platform, written in PHP and run on servers with PHP and MySQL to host personal blog sites. InLinks is a link-creation plugin for it. A SQL injection vulnerability exists in the WordPress InLinks plugin...

CVSS 8.8 · AI score 8.3 · EPSS 0.00639
Exploits: 1 · References: 1
OSV · added 2017/10/12 12:43 p.m.

SUSE-SU-2017:2716-1 Security update for the Ruby on Rails stack

This update brings version 4.2.9 of the Ruby on Rails stack to provide the latest fixes and improvements from upstream. The following security issues have been fixed by upstream: rubygem-actionpack-42 - CVE-2016-2098: Action Pack in Ruby on Rails allowed remote attackers to execute arbitrary Ruby...

CVSS 7.5 · AI score 6.9 · EPSS 0.86668
Exploits: 9 · References: 8
ThreatPost · added 2017/10/11 2:23 p.m.

Vendor BPC Silent on Patching SQL Injection in SmartVista Ecommerce Software

A popular ecommerce platform sold in 60 countries suffers from a SQL injection vulnerability privately disclosed in April that has yet to be patched by the vendor. BPC Banking Technologies of Switzerland has not acknowledged the vulnerability in its SmartVista suite of ecommerce and financial...

AI score 0.3
Exploits: 0
NVD · added 2017/10/06 7:29 a.m.

CVE-2017-15063

There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing for example an attack against the query parameter to panel/database...

CVSS 8.8 · AI score 8.8 · EPSS 0.00133
Exploits: 0 · References: 2
CNVD · added 2017/09/15 12:00 a.m.

Anblik WordPress image-gallery-with-slideshow SQL Injection Vulnerability

Anblik WordPress image-gallery-with-slideshow is a slideshow plugin for WordPress developed by Anblik Web Design India. A SQL injection vulnerability exists in the image-gallery-with-slideshow/adminsetting.php file in Anblik WordPress image-gallery-with-slideshow version 1.5.2. A remote attacker...

CVSS 9.8 · AI score 9.9 · EPSS 0.0601
Exploits: 1 · References: 1
CNVD · added 2017/09/01 12:00 a.m.

SQL Injection Vulnerability in MIPCMS ApiAdminTag.php Page

MIPCMS is a free and open-source content management system for articles and news, built on Baidu's MIP (Mobile Instant Pages) engine and aimed at webmasters, entrepreneurs and similar groups who want a SEO-optimised site-building system. A...

AI score 7.8
Exploits: 0
CNVD · added 2017/08/19 12:00 a.m.

WordPress Easy Modal classescontrolleradminmodals.php file SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's blogging platform, written in PHP and run on servers with PHP and MySQL to host personal blog sites. A SQL injection vulnerability in the WordPress Easy Modal plugin's classescontrolleradminmodals.php file allows remote attackers to...

CVSS 7.2 · AI score 7.3 · EPSS 0.00481
Exploits: 1 · References: 1
CNVD · added 2017/07/26 12:00 a.m.

PHPSHE B2C mall system user.php parameter SQL injection vulnerability

PHPSHE mall system is an online shopping mall package that combines product display, online shopping, order management, payment management, article management, customer consultation and feedback, and related functions. A SQL injection vulnerability exists in the user.p...

AI score 7.6
Exploits: 0
CNVD · added 2017/07/18 12:00 a.m.

Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23890)

Fiyo CMS is a content management system (CMS) for building sites from CMS templates. A SQL injection vulnerability exists in the /apps/apparticle/controller/editor.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the $_POST['id']...

CVSS 9.8 · AI score 10 · EPSS 0.00271
Exploits: 0 · References: 1