Description

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

Remediation

References

CVE-2011-0448

Related Vulnerabilities

Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2011-2487)

Joomla! Core 1.5.x Arbitrary File Upload (1.5.0 - 1.5.15)

WordPress Plugin Contextual Related Posts Cross-Site Request Forgery (1.8.6)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6477)

WordPress Plugin RapidLoad Power-Up for Autoptimize Multiple Vulnerabilities (1.7.1)

Severity

High

Classification

CVE-2011-0448 CWE-138

Tags

Missing Update Known Vulnerabilities