Description

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

Remediation

References

CVE-2010-3933

Related Vulnerabilities

WordPress Plugin WP Google Maps Cross-Site Scripting (7.11.34)

MySQL CVE-2022-21483 Vulnerability (CVE-2022-21483)

WordPress Plugin Gutenberg Blocks by WordPress Download Manager Cross-Site Scripting (2.1.8)

WordPress Plugin Commentator Cross-Site Scripting (2.5.2)

Oracle JRE CVE-2013-1558 Vulnerability (CVE-2013-1558)

Severity

Medium

Classification

CVE-2010-3933 CWE-20

Tags

Missing Update Known Vulnerabilities