Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2930)

Description

Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.

Remediation

References

Related Vulnerabilities

WordPress Plugin myGallery Remote File Include (1.4b4)

e107 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-2099)

CakePHP Improper Input Validation Vulnerability (CVE-2010-4335)

WordPress Other Vulnerability (CVE-2007-1049)

WordPress Plugin PDF & Print Button Joliprint Multiple Cross-Site Scripting Vulnerabilities (1.3.0)

Severity

High

Classification

CVE-2011-2930 CWE-138

Tags

Missing Update Known Vulnerabilities