Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-17919 - Vulnerability Database
Ruby on Rails

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2017-17919

High
Reference: CVE-2017-17919
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-17919
Title: Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

DISPUTED SQL injection vulnerability in the 39order39 method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 39id desc39 parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.