Description

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

Remediation

References

CVE-2010-3933

Related Vulnerabilities

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)

WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Privilege Escalation (2.10.0)

Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2595)

WordPress Plugin verwei.se-WordPress-Twitter Cross-Site Scripting (1.0.2)

Severity

Medium

Classification

CVE-2010-3933 CWE-20

Tags

Missing Update Known Vulnerabilities