Description
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.
Remediation
References