Ruby on Rails Active Record SQL Injection Vulnerability

Bugtraq ID: 53753
Class: Input Validation Error
CVE: CVE-2012-2661
Remote: Yes
Local: No
Published: May 31 2012 12:00AM
Updated: Mar 01 2013 06:03PM
Credit: Ben Murphy
Vulnerable: SuSE WebYaST 1.2
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
SuSE SUSE Linux Enterprise SDK 11 SP2
SuSE Studio Standard Edition 1.2
SuSE Studio Onsite 1.2
SuSE Studio Extension for System z 1.2
Ruby on Rails Ruby on Rails 3.2.2
Ruby on Rails Ruby on Rails 3.1.4
Ruby on Rails Ruby on Rails 3.1.2
Ruby on Rails Ruby on Rails 3.0.12
Ruby on Rails Ruby on Rails 3.0.11
Ruby on Rails Ruby on Rails 3.0.6
Ruby on Rails Ruby on Rails 3.0.5
Ruby on Rails Ruby on Rails 3.0.4
Ruby on Rails Ruby on Rails 3.0.3
Ruby on Rails Ruby on Rails 3.0.3
Ruby on Rails Ruby on Rails 3.0.2
Ruby on Rails Ruby on Rails 3.0.1
Ruby on Rails Ruby on Rails 3.0
Ruby on Rails Ruby on Rails 3.1.0.rc6
Ruby on Rails Ruby on Rails 3.1.0.rc5
Ruby on Rails Ruby on Rails 3.0.8
Ruby on Rails Ruby on Rails 3.0.7
Ruby on Rails Ruby on Rails 3.0.10
Red Hat Fedora 17
Red Hat Fedora 16
Not Vulnerable: Ruby on Rails Ruby on Rails 3.2.4
Ruby on Rails Ruby on Rails 3.1.5
Ruby on Rails Ruby on Rails 3.0.13


 

Privacy Statement
Copyright 2010, SecurityFocus