Description

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

Remediation

References

CVE-2006-4111

Related Vulnerabilities

WordPress 4.4.x Cross-Domain Flash Injection Vulnerability (4.4 - 4.4.13)

WordPress Plugin Simple File Downloader Cross-Site Scripting (1.0.4)

WordPress Plugin File Manager Unspecified Vulnerability (5.1.5)

WebLogic Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3257)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing Arbitrary File Upload (1.2.1)

Severity

High

Classification

CVE-2006-4111 CWE-94

Tags

Missing Update Known Vulnerabilities