SQL Injection Vulnerability in Ruby on Rails 3.0.x before 3.0.4

SQL Injection Vulnerability in Ruby on Rails 3.0.x before 3.0.4

CVE-2011-0448 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.