Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2011-0448 - Vulnerability Database
Ruby on Rails

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2011-0448

High
Reference: CVE-2011-0448
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-0448
Title: Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.