Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
References
Configurations
Configuration 1 (hide)
|
History
07 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2011-02-21 18:00
Updated : 2024-02-28 11:41
NVD link : CVE-2011-0448
Mitre link : CVE-2011-0448
CVE.ORG link : CVE-2011-0448
JSON object : View
Products Affected
rubyonrails
- rails
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')