Description

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Remediation

References

CVE-2008-4094

Related Vulnerabilities

WordPress Plugin AnyFont Cross-Site Scripting (2.2.3)

Oracle HTTP Server CVE-2013-5704 Vulnerability (CVE-2013-5704)

WordPress Plugin Clik stats Open Redirect (0.8)

WordPress Plugin WooCommerce Upload My File Cross-Site Request Forgery (0.3.9)

WeBid Other Vulnerability (CVE-2014-5114)

Severity

High

Classification

CVE-2008-4094 CWE-138

Tags

Missing Update Known Vulnerabilities