Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Remediation

References

CVE-2014-0080

Related Vulnerabilities

PHPFusion Multiple SQL Injection Vulnerabilities (CVE-2014-8596)

OpenSSL Other Vulnerability (CVE-2001-1141)

WordPress Plugin iubenda-All-in-one Compliance for GDPR/CCPA Cookie Consent + more Privilege Escalation (3.3.2)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21706)

WordPress Plugin Music Store Open Redirect (1.0.14)

Severity

Medium

Classification

CVE-2014-0080 CWE-138

Tags

Missing Update Known Vulnerabilities