Description
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Remediation
References
Related Vulnerabilities
WordPress Plugin Nextend Google Connect Unspecified Vulnerability (1.5.3)
Drupal Core 8.6.x Cross-Site Scripting (8.6.0 - 8.6.14)
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669)
WordPress Plugin Arigato Autoresponder and Newsletter Multiple Unspecified Vulnerabilities (2.4.2)
WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Request Forgery (10.4.1.1)