Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2017-17919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc'...

8.1CVSS8.5AI score0.01518EPSS
Exploits1References2
NVD
NVD
added 2017/12/29 4:29 p.m.20 views

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.1CVSS8.6AI score0.01518EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/12/29 4:0 p.m.20 views

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.6AI score0.01518EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2017/12/29 4:0 p.m.13 views

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.7AI score0.01518EPSS
Exploits1References1
CVE
CVE
added 2017/12/29 4:0 p.m.80 views

CVE-2017-17919

The CVE-2017-17919 entry describes a SQL injection in Rails 5.1.4 and earlier, exploitable via the id desc parameter in the order method. Concrete details across connected docs: affected software (Ruby on Rails), vulnerable component (order method handling untrusted input), and the underlying iss...

8.1CVSS8.6AI score0.01518EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2017/12/29 4:0 p.m.29 views

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.1CVSS8.6AI score0.01518EPSS
Exploits1
Rows per page
Query Builder