Description
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Request Forgery (3.01)
WordPress Plugin Advanced Woo Search Information Disclosure (1.99)
PHP Out-of-bounds Write Vulnerability (CVE-2019-11043)
PHP Resource Management Errors Vulnerability (CVE-2011-1468)
WordPress Plugin Advanced File Manager Directory Traversal (5.1)