Description
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
Remediation
References
Related Vulnerabilities
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2011-2487)
Joomla! Core 1.5.x Arbitrary File Upload (1.5.0 - 1.5.15)
WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)
WordPress Plugin RapidLoad Power-Up for Autoptimize Multiple Vulnerabilities (1.7.1)