FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-rails -- SQL injection vulnerability

Affected packages
rubygem-rails < 2.2.2


VuXML ID 8e8b8b94-7f1d-11dd-a66a-0019666436c2
Discovery 2008-09-08
Entry 2008-09-10
Modified 2010-05-12

Jonathan Weiss reports, that it is possible to perform an SQL injection in Rails applications via not correctly sanitized :limit and :offset parameters. It is possible to change arbitrary values in affected tables or gain access to the sensitive data.


CVE Name CVE-2008-4094