13 matches found

Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-4861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging...

CVSS 9.8 · AI score 8.4 · EPSS 0.03977
Exploits 1 · References 2

SUSE CVE
added 2023/02/15 4:36 a.m. · 1 views

SUSE CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVSS 8.1 · AI score 8.7 · EPSS 0.00582
Exploits 1 · References 3

OSV
added 2022/05/14 2:19 a.m. · 18 views

GHSA-P9HP-3GPV-52W3 Zend Framework Allows SQL Injection

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...

CVSS 9.8 · AI score 9.5 · EPSS 0.01724
Exploits 1 · References 9

CNVD
added 2018/01/02 12:0 a.m. · 1 views

Ruby on Rails SQL Injection Vulnerability (CNVD-2018-01348)

Ruby on Rails is a Web application development framework written in the Ruby language. A SQL injection vulnerability exists in the 'order' method in Ruby on Rails 5.1.4 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'id desc' parameter...

CVSS 8.1 · AI score 8.7 · EPSS 0.00582
Exploits 1 · References 1

OSV
added 2017/12/29 4:29 p.m. · 1 views

DEBIAN-CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

CVSS 8.1 · AI score 8.7 · EPSS 0.00582
Exploits 1 · References 1

Prion
added 2017/12/29 4:29 p.m. · 12 views

SQL injection

DISPUTED SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...

CVSS 6.8 · AI score 8.6 · EPSS 0.00582
Exploits 1 · References 1 · Affected Software 1

OSV
added 2017/12/29 4:29 p.m. · 0 views

UBUNTU-CVE-2017-17919

DISPUTED SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with...

CVSS 8.1 · AI score 7.6 · EPSS 0.00582
Exploits 1 · References 3

CVE
added 2017/12/29 4:0 p.m. · 75 views

CVE-2017-17919

The CVE-2017-17919 entry describes a SQL injection in Rails 5.1.4 and earlier, exploitable via the id desc parameter in the order method. Concrete details across connected docs: affected software (Ruby on Rails), vulnerable component (order method handling untrusted input), and the underlying iss...

CVSS 8.1 · AI score 8.6 · EPSS 0.00582
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2017/12/29 4:0 p.m. · 10 views

CVE-2017-17919

SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...

AI score 8.6 · EPSS 0.00582
Exploits 1 · References 1

Positive Technologies
added 2017/12/29 12:0 a.m. · 1 views

PT-2017-15099 · Ruby +1 · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 5.1.4 and earlier Description: A SQL injection issue in the 'order' method allows remote attackers to execute arbitrary SQL commands via the id desc parameter. The vendor disputes this issue, stating that the method is...

CVSS 8.1 · AI score 8.8 · EPSS 0.00582
Exploits 1 · References 13

Veracode
added 2017/07/25 10:8 p.m. · 23 views

SQL Injection

ZendFramework is vulnerable to SQL Injection. The order and group methods in library/Zend/Db/Select.php do not sanitize the user input properly, allowing a malicious user to inject and execute arbitrary SQL queries...

CVSS 9.8 · AI score 9.6 · EPSS 0.01724
Exploits 1 · References 1 · Affected Software 1

OSV
added 2017/02/17 2:59 a.m. · 1 views

CVE-2016-6233

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 6

OSV
added 2017/02/17 2:59 a.m. · 0 views

UBUNTU-CVE-2016-6233

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...

CVSS 9.8 · AI score 7.4 · EPSS 0.01724
Exploits 1 · References 3