Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2012-6497 - Vulnerability Database

Severity: Medium
Reference: CVE-2012-6497
Title: Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

The Authlogic gem for Ruby on Rails, when used with certain Rails versions before 3.2.10, makes potentially unsafe find_by_id method calls. This might allow remote attackers to conduct SQL injection attacks (CVE-2012-6496) via a crafted parameter in environments where the secret_token value is known, as demonstrated by a value contained in secret_token.rb in an open-source product.