cve/CVE-2012-2661.md at 43553e9af13bbdba84028635c21659dede3160a7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 3428c6bdc6 Update CVE sources 2024-08-05 18:41

2024-08-05 18:41:32 +00:00

Description

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.

POC

Reference

No PoCs from references.

Github

https://github.com/Blackyguy/-CVE-2012-2661-ActiveRecord-SQL-injection-
https://github.com/ehayushpathak/WebApp-Hacking
https://github.com/paulveillard/cybersecurity-infosec
https://github.com/r4x0r1337/-CVE-2012-2661-ActiveRecord-SQL-injection-

1.0 KiB Raw Blame History

CVE-2012-2661

Description

POC

Reference

Github

1.0 KiB

Raw Blame History