CVE-2011-0448: activerecord vulnerable to SQL Injection

CVSS Score: 7.5

Basic Information

EPSS Score: 0.70834%
Published: 10/24/2017
Updated: 11/9/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Package Name: activerecord
Ecosystem: rubygems
Vulnerable Versions: >= 3.0.0, < 3.0.4
First Patched Version: 3.0.4

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improper input validation in the limit parameter handling. The commit diff shows the sanitize_limit method was modified to use Integer() instead of to_i, which strictly enforces integer validation. The original implementation (map{|i| i.to_i}) would silently convert non-integer values to 0 or partial integers, allowing attackers to inject SQL via non-numeric limit arguments. The patch explicitly raises ArgumentError for invalid inputs, confirming the vulnerability resided in this function.
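
The difference between the two conversions named above, as an added Ruby example that is not the Rails source or Miggo's code. The method names lenient_limit, strict_limit and strict_decimal_limit are hypothetical, the sample inputs are constructed, and the base-10 variant is an assumption that goes beyond what the page describes.

```ruby
# Added illustration, not Rails source. All method names are hypothetical.

# Lenient form, as the page describes the original: String#to_i never raises;
# it keeps leading digits and silently drops everything after them.
def lenient_limit(limit)
  limit.to_s.split(',').map { |i| i.to_i }.join(',')
end

# Strict form, as the page describes the patch: Kernel#Integer raises
# ArgumentError unless the whole string is an integer literal.
def strict_limit(limit)
  limit.to_s.split(',').map { |i| Integer(i) }.join(',')
end

# Assumption beyond the page: pin base 10 so "0x1A" and "010" are not parsed
# as hex/octal, and require one or two non-negative values.
def strict_decimal_limit(limit)
  parts = limit.to_s.split(',').map { |i| Integer(i, 10) }
  unless (1..2).cover?(parts.size) && parts.none?(&:negative?)
    raise ArgumentError, "invalid limit: #{limit.inspect}"
  end
  parts.join(',')
end

# Run one of the functions and report a rejection instead of raising.
def outcome(fn, input)
  send(fn, input)
rescue ArgumentError, TypeError => e
  "rejected (#{e.class})"
end

# Constructed sample inputs, not taken from any real request.
SAMPLES = ["10", "5,20", "5 abc", "abc", "0x1A", "010", ""].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    row = %i[lenient_limit strict_limit strict_decimal_limit].map { |f| outcome(f, s).inspect }
    puts "#{s.inspect.ljust(8)} -> #{row.join('  ')}"
  end
end
```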

WAF Protection Rules

WAF Rule

Ruby on Rails *.*.x before *.*.* does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
