Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-02-21T00:00:00
Updated: 2023-12-07T22:13:48.916887
Reserved: 2011-01-13T00:00:00
Link: CVE-2011-0448
NVD Information
Status: Modified
Published: 2011-02-21T18:00:01.287
Modified: 2023-12-07T23:15:07.083
Link: CVE-2011-0448