Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-5664
Last Modified: 27 Dec 2012 02:55:17
Published: 26 Dec 2012 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5664

Summary

SQL injection vulnerability in the Authlogic gem for Ruby on Rails allows remote attackers to execute arbitrary SQL commands via a crafted parameter in conjunction with a secret_token value, related to certain behavior of find_by_id and other find_by_ methods.

Vulnerable Systems

Application

  • Rubyonrails Ruby On Rails -


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=889649

MISC - http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html


Last Updated: 27 May 2016 11:01:29