Return to CVE list

CVE-2008-4094

7.5

Critical

CVE-2008-4094

30 Sep 2008

cve@mitre.org

Modified

View on MITRE Find on GitHub

Description

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cve@mitre.org

http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

cve@mitre.org

http://gist.github.com/8946

cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

cve@mitre.org

http://rails.lighthouseapp.com/projects/8994/tickets/288

cve@mitre.org

http://rails.lighthouseapp.com/projects/8994/tickets/964

cve@mitre.org

http://secunia.com/advisories/31875

cve@mitre.org

http://secunia.com/advisories/31909

cve@mitre.org

http://secunia.com/advisories/31910

cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/09/13/2

cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/09/16/1

cve@mitre.org

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/

cve@mitre.org

http://www.securityfocus.com/bid/31176

cve@mitre.org

http://www.securitytracker.com/id?1020871

cve@mitre.org

http://www.vupen.com/english/advisories/2008/2562

cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

af854a3a-2127-422b-91ae-364da2661108

http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

af854a3a-2127-422b-91ae-364da2661108

http://gist.github.com/8946

af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

af854a3a-2127-422b-91ae-364da2661108

http://rails.lighthouseapp.com/projects/8994/tickets/288

af854a3a-2127-422b-91ae-364da2661108

http://rails.lighthouseapp.com/projects/8994/tickets/964

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31875

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31909

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31910

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/09/13/2

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/09/16/1

af854a3a-2127-422b-91ae-364da2661108

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31176

af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020871

af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2562

af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109