Description

Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

Remediation

References

CVE-2008-7248

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-6712)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.14)

WordPress Plugin Business Directory-Easy Listing Directories for WordPress PHP Object Injection (4.1.14)

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Security Bypass (6.0.1)

WordPress Plugin Jammer Cross-Site Scripting (0.2)

Severity

Medium

Classification

CVE-2008-7248 CWE-20

Tags

Missing Update Known Vulnerabilities