Description
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.
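Backslash handling in PostgreSQL array literals, as an added example (not Rails code and not taken from this advisory): a quote-only escaper is compared with one that also escapes backslashes, using a small strict reader to check that values round-trip. All method names and sample values are constructed, and the weak form is illustrative rather than the affected Rails code.

```ruby
# Added example, not Rails code; all method names are hypothetical.
# Array-literal rule: in a quoted element, \ escapes the next character.

# Weak form: escapes double quotes only and leaves backslashes untouched.
def quote_element_weak(value)
  '"' + value.gsub('"') { '\\"' } + '"'
end

# Hardened form: escapes backslashes and double quotes in one pass.
def quote_element(value)
  '"' + value.gsub(/[\\"]/) { |c| "\\#{c}" } + '"'
end

def array_literal(values, quoter)
  '{' + values.map { |v| quoter.call(v) }.join(',') + '}'
end

# Strict reader for a one-dimensional literal whose elements are all quoted.
def parse_array_literal(text)
  elements = []
  current = nil                       # nil while outside a quoted element
  chars = text[1..-2].each_char
  loop do                             # ends when chars.next raises StopIteration
    c = chars.next
    if current.nil?
      raise ArgumentError, 'malformed literal' unless c == '"' || c == ','
      current = +'' if c == '"'
    elsif c == '\\'
      current << chars.next           # escaped character, taken literally
    elsif c == '"'
      elements << current
      current = nil
    else
      current << c
    end
  end
  raise ArgumentError, 'unterminated element' unless current.nil?
  elements
end

# True when the values survive encoding and decoding unchanged.
def round_trips?(values, quoter)
  parse_array_literal(array_literal(values, quoter)) == values
rescue ArgumentError
  false
end

SAMPLE = ['a\\', 'b"c', 'plain'].freeze   # constructed test values
puts [:quote_element_weak, :quote_element].map { |q| "#{q}: #{round_trips?(SAMPLE, method(q))}" }
```

This covers array-literal quoting only; the resulting literal should still be passed to the database as a bound parameter rather than spliced into SQL text.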
Remediation
References