Description
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.
Remediation
References
Related Vulnerabilities
WordPress Plugin Random image gallery with pretty photo zoom Cross-Site Scripting (7.4)
Apache HTTP Server Other Vulnerability (CVE-2001-1342)
WordPress Other Vulnerability (CVE-2005-2109)
Oracle JRE CVE-2017-10345 Vulnerability (CVE-2017-10345)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.75)