Description

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

Remediation

References

CVE-2010-3933

Related Vulnerabilities

WordPress Plugin AdWizz 'link' Parameter Cross-Site Scripting (1.0)

Python Uncontrolled Resource Consumption Vulnerability (CVE-2021-3733)

WordPress Plugin Polylang Cross-Site Scripting (1.5.1)

WordPress Plugin DX Share Selection Cross-Site Request Forgery (1.4)

WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)

Severity

Medium

Classification

CVE-2010-3933 CWE-20

Tags

Missing Update Known Vulnerabilities