WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4466)

Description

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

Remediation

References

Related Vulnerabilities

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8520)

TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-23502)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.52)

Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-19845)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9853)

Severity

Medium

Classification

CVE-2012-4466 CWE-264

Tags

Missing Update Known Vulnerabilities