Description

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

Remediation

References

CVE-2006-4111

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42048)

WordPress Plugin Simple Social Media Share Buttons-Social Sharing for Everyone Cross-Site Scripting (3.2.2)

Apache error log escape sequence injection vulnerability

WordPress Plugin Helios Solutions Brand Logo Slider Arbitrary File Upload (2.1)

WordPress Plugin Ultimeter Security Bypass (1.9.2)

Severity

High

Classification

CVE-2006-4111 CWE-94

Tags

Missing Update Known Vulnerabilities