Description

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

Remediation

References

CVE-2011-0448

Related Vulnerabilities

Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-30639)

WordPress Plugin Triagis WordPress Security Evaluation-Check Folder Permissions, Fix For Common Security Vulnerabilities Multiple Cross-Site Request Forgery Vulnerabilities (1.15)

WordPress Plugin Scout bazar Cross-Site Scripting (1.3.3)

WordPress Plugin Site Kit by Google Security Bypass (1.7.1)

PHP Other Vulnerability (CVE-2006-1015)

Severity

High

Classification

CVE-2011-0448 CWE-138

Tags

Missing Update Known Vulnerabilities