Description

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

Remediation

References

CVE-2006-4111

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2009-2409)

WordPress Plugin All-in-One Video Gallery Multiple Vulnerabilities (2.6.0)

WordPress Plugin MiniMax-Page Layout Builder Cross-Site Scripting (1.9.3)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-11494)

MongoDb Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4650)

Severity

High

Classification

CVE-2006-4111 CWE-94

Tags

Missing Update Known Vulnerabilities