DEBIAN-CVE-2012-2054
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...