Description

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

Remediation

References

CVE-2011-0448

Related Vulnerabilities

Oracle JRE CVE-2013-2457 Vulnerability (CVE-2013-2457)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Object Injection (3.6.12)

Oracle Application Server Other Vulnerability (CVE-2007-0283)

WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Multiple Security Bypass Vulnerabilities (4.0.6)

PostgreSQL Arbitrary Code Execution Vulnerbality (CVE-2020-25696)

Severity

High

Classification

CVE-2011-0448 CWE-138

Tags

Missing Update Known Vulnerabilities