Description
Ruby on Rails 2.3.9 and 3.0.0 do not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Remediation
References