Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2017-17920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name'...

8.1CVSS8.5AI score0.01518EPSS
Exploits1References2
NVD
NVD
added 2017/12/29 4:29 p.m.21 views

CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.1CVSS8.6AI score0.01518EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2017/12/29 4:29 p.m.34 views

CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.1CVSS7.5AI score0.01518EPSS
Exploits1References2
CVE
CVE
added 2017/12/29 4:0 p.m.70 views

CVE-2017-17920

CVE-2017-17920 affects Ruby on Rails 5.1.4 and earlier, via the reorder method where the name parameter can be used to inject SQL. The root cause is SQL injection in that method, enabling arbitrary SQL execution. Multiple connected sources confirm the vulnerability and the vendor disputes the iss...

8.1CVSS8.6AI score0.01518EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2017/12/29 4:0 p.m.19 views

CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.6AI score0.01518EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2017/12/29 4:0 p.m.28 views

CVE-2017-17920

SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

8.1CVSS8.6AI score0.01518EPSS
Exploits1
Rows per page
Query Builder