5 matches found
CVE-2017-17916
SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...
CVE-2017-17916
SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...
CVE-2017-17916
SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...
CVE-2017-17916
Ruby on Rails 5.1.4 and earlier is affected by an SQL injection in the find_by method via the name parameter. The issue is reported as exploitable remotely to execute arbitrary SQL commands. The root cause is tied to using untrusted input in that method, with vendor dispute noted in multiple sour...
CVE-2017-17916
SQL injection vulnerability in the 'findby' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...