Published: 21/02/2011 Updated: 08/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Ruby on Rails 3.0.x prior to 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote malicious users to conduct SQL injection attacks via a non-numeric argument.

Affected Products

Vendor Product Versions
RubyonrailsRails3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4