Description

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

Remediation

References

CVE-2010-3933

Related Vulnerabilities

WordPress Plugin Redux Framework Cross-Site Request Forgery (4.1.23)

WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)

WordPress Plugin Mass Pages/Posts Creator Cross-Site Scripting (1.2.2)

MySQL CVE-2021-2201 Vulnerability (CVE-2021-2201)

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-4330)

Severity

Medium

Classification

CVE-2010-3933 CWE-20

Tags

Missing Update Known Vulnerabilities