Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

Remediation

References

CVE-2014-3482

Related Vulnerabilities

WordPress Plugin Shariff Wrapper Local File Inclusion (4.6.13)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.1)

IBM RTC Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-4252)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Cross-Site Scripting Vulnerabilities (2.0.27)

WordPress Plugin WP Editor SQL Injection (1.2.6.3)

Severity

High

Classification

CVE-2014-3482 CWE-138

Tags

Missing Update Known Vulnerabilities