5 matches found

SUSE CVE
added 2023/02/15 4:36 a.m. · 2 views

SUSE CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVSS 8.1 · AI score 8.7 · EPSS 0.00484
Exploits: 1 · References: 3

CNVD
added 2018/01/02 12:0 a.m. · 2 views

Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01347)

Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'reorder' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'name' parameter...

CVSS 8.1 · AI score 8.7 · EPSS 0.00484
Exploits: 1 · References: 1

OSV
added 2017/12/29 4:29 p.m. · 0 views

UBUNTU-CVE-2017-17920

DISPUTED SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...

CVSS 8.1 · AI score 7.6 · EPSS 0.00484
Exploits: 1 · References: 3

OSV
added 2017/12/29 4:29 p.m. · 1 views

DEBIAN-CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVSS 8.1 · AI score 8.7 · EPSS 0.00484
Exploits: 1 · References: 1

Positive Technologies
added 2017/12/29 12:0 a.m. · 2 views

PT-2017-15100 · Ruby +1 · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 5.1.4 and earlier

Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the name parameter in the 'reorder' method. It's worth noting that the vendor disputes...

CVSS 8.1 · AI score 8.7 · EPSS 0.00484
Exploits: 1 · References: 11