WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3514)

Description

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

Remediation

References

Related Vulnerabilities

WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-40690)

WordPress Plugin Captchinoo, Google recaptcha for admin login page Cross-Site Request Forgery (2.4)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5748)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)

WordPress 4.8.x Arbitrary File Deletion Vulnerability (4.8 - 4.8.6)

Severity

High

Classification

CVE-2014-3514 CWE-264

Tags

Missing Update Known Vulnerabilities