Description

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

Remediation

References

CVE-2010-3933

Related Vulnerabilities

WordPress 4.7.x Cross-Site Request Forgery (4.7 - 4.7.12)

FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029)

MySQL CVE-2021-2146 Vulnerability (CVE-2021-2146)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14721)

WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4)

Severity

Medium

Classification

CVE-2010-3933 CWE-20

Tags

Missing Update Known Vulnerabilities