Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Remediation

References

CVE-2014-0080

Related Vulnerabilities

WordPress Plugin Random image gallery with pretty photo zoom Cross-Site Scripting (7.4)

Apache HTTP Server Other Vulnerability (CVE-2001-1342)

WordPress Other Vulnerability (CVE-2005-2109)

Oracle JRE CVE-2017-10345 Vulnerability (CVE-2017-10345)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.75)

Severity

Medium

Classification

CVE-2014-0080 CWE-138

Tags

Missing Update Known Vulnerabilities