Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Remediation

References

CVE-2014-0080

Related Vulnerabilities

Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)

ColdFusion 9 solr service exposed

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28106)

WordPress Plugin Erident Custom Login and Dashboard Cross-Site Request Forgery (3.4.1)

WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (2.0.3)

Severity

Medium

Classification

CVE-2014-0080 CWE-138

Tags

Missing Update Known Vulnerabilities