Description
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Remediation
References
Related Vulnerabilities
OpenSSL Missing Encryption of Sensitive Data Vulnerability (CVE-2019-1547)
Oracle Database Server CVE-2010-0911 Vulnerability (CVE-2010-0911)
WordPress Plugin Hungred Post Thumbnail 'hpt_file_upload.php' Arbitrary File Upload (2.1.9)
WordPress Plugin CMS Tree Page View Cross-Site Scripting (1.2.31)
MySQL Insufficiently Protected Credentials Vulnerability (CVE-2012-5627)