Description
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
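A way to check a project for the affected releases named above, as an added example that is not part of the original advisory or of Rails itself. It assumes the project uses a Bundler `Gemfile.lock`; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Fixed releases per affected series, taken from the description:
# 2.3.x before 2.3.16 and 3.0.x before 3.0.20.
FIXED_IN = {
  [2, 3] => Gem::Version.new("2.3.16"),
  [3, 0] => Gem::Version.new("3.0.20"),
}.freeze

# The vulnerable file ships in activesupport; rails is watched as well
# because a rails release pins the matching activesupport release.
WATCHED = %w[activesupport rails].freeze

# Returns the fixed release to upgrade to, or nil if the version is not affected.
# Prereleases of an affected series (including of the fix) are treated as affected.
def fixed_release_for(version_string)
  version = Gem::Version.new(version_string)
  fixed = FIXED_IN[version.segments.first(2)]
  fixed if fixed && version < fixed
rescue ArgumentError
  nil # not a plain version string (for example a platform-suffixed one)
end

# Scans Gemfile.lock text. Resolved gems sit at exactly four spaces of indent;
# the deeper-indented lines are dependency constraints and are skipped.
def scan_lockfile(text)
  text.each_line.each_with_object([]) do |line, findings|
    match = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    next unless match && WATCHED.include?(match[1])
    fixed = fixed_release_for(match[2])
    findings << { gem: match[1], version: match[2], fixed_in: fixed.to_s } if fixed
  end
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (3.0.19)
      rails (3.0.19)
        activesupport (= 3.0.19)
      rake (0.9.2)
LOCK

scan_lockfile(SAMPLE_LOCK).each do |f|
  puts "#{f[:gem]} #{f[:version]} is affected; fixed in #{f[:fixed_in]}"
end
```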
Remediation
References
Related Vulnerabilities
WordPress Plugin wp superb Slideshow 'upload.php' Arbitrary File Upload (2.2)
WordPress Plugin WP Customer Reviews Unspecified Vulnerability (3.0.7)
WordPress Plugin Front File Manager 'upload.php' Arbitrary File Upload (0.1)
WordPress Plugin WP BaiDu Submit Cross-Site Scripting (1.2.1)
WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.7)