Description

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

Remediation

References

CVE-2006-4111

Related Vulnerabilities

WordPress 7PK - Security Features Vulnerability (CVE-2016-10148)

MySQL CVE-2018-2810 Vulnerability (CVE-2018-2810)

WordPress Plugin SiteGuard WP Information Disclosure (1.7.6)

MySQL Other Vulnerability (CVE-2006-0903)

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.8)

Severity

High

Classification

CVE-2006-4111 CWE-94

Tags

Missing Update Known Vulnerabilities