7.5

CVE-2011-2930

Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RubyonrailsRails Version2.0.0
RubyonrailsRails Version2.0.0 Updaterc1
RubyonrailsRails Version2.0.0 Updaterc2
RubyonrailsRails Version2.0.1
RubyonrailsRails Version2.0.2
RubyonrailsRails Version2.0.4
RubyonrailsRails Version2.1.0
RubyonrailsRails Version2.1.1
RubyonrailsRails Version2.1.2
RubyonrailsRails Version2.2.0
RubyonrailsRails Version2.2.1
RubyonrailsRails Version2.2.2
RubyonrailsRails Version2.3.2
RubyonrailsRails Version2.3.3
RubyonrailsRails Version2.3.4
RubyonrailsRails Version2.3.9
RubyonrailsRails Version2.3.10
RubyonrailsRails Version2.3.11
RubyonrailsRails Version2.3.12
RubyonrailsRails Version3.0.0
RubyonrailsRails Version3.0.0 Updatebeta
RubyonrailsRails Version3.0.0 Updatebeta2
RubyonrailsRails Version3.0.0 Updatebeta3
RubyonrailsRails Version3.0.0 Updatebeta4
RubyonrailsRails Version3.0.0 Updaterc
RubyonrailsRails Version3.0.0 Updaterc2
RubyonrailsRails Version3.0.1
RubyonrailsRails Version3.0.1 Updatepre
RubyonrailsRails Version3.0.2
RubyonrailsRails Version3.0.2 Updatepre
RubyonrailsRails Version3.0.3
RubyonrailsRails Version3.0.4 Updaterc1
RubyonrailsRails Version3.0.5
RubyonrailsRails Version3.0.5 Updaterc1
RubyonrailsRails Version3.0.6
RubyonrailsRails Version3.0.6 Updaterc1
RubyonrailsRails Version3.0.6 Updaterc2
RubyonrailsRails Version3.0.7
RubyonrailsRails Version3.0.7 Updaterc1
RubyonrailsRails Version3.0.7 Updaterc2
RubyonrailsRails Version3.0.8
RubyonrailsRails Version3.0.8 Updaterc1
RubyonrailsRails Version3.0.8 Updaterc2
RubyonrailsRails Version3.0.8 Updaterc3
RubyonrailsRails Version3.0.8 Updaterc4
RubyonrailsRails Version3.0.9
RubyonrailsRails Version3.0.9 Updaterc1
RubyonrailsRails Version3.0.9 Updaterc2
RubyonrailsRails Version3.0.9 Updaterc3
RubyonrailsRails Version3.0.9 Updaterc4
RubyonrailsRails Version3.0.9 Updaterc5
RubyonrailsRails Version3.0.10 Updaterc1
RubyonrailsRails Version3.1.0
RubyonrailsRails Version3.1.0 Updatebeta1
RubyonrailsRails Version3.1.0 Updaterc1
RubyonrailsRails Version3.1.0 Updaterc2
RubyonrailsRails Version3.1.0 Updaterc3
RubyonrailsRails Version3.1.0 Updaterc4
RubyonrailsRuby On Rails Version3.0.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.96% 0.743
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.