WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3483)

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

Remediation

References

Related Vulnerabilities

WordPress Plugin PickPlugins Product Slider for WooCommerce Unspecified Vulnerability (1.13.23)

WordPress Plugin Count per Day Multiple Cross-Site Scripting Vulnerabilities (3.5.4)

PostgreSQL CVE-2009-3229 Vulnerability (CVE-2009-3229)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Cross-Site Request Forgery (3.6.4)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-21664)

Severity

High

Classification

CVE-2014-3483 CWE-138

Tags

Missing Update Known Vulnerabilities