Vulnerabilities > CVE-2008-7309 - Credentials Management vulnerability in Insoshi

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

insoshi

CWE-255

NVD

Published: 2012-04-05

Updated: 2024-11-21

Summary

Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost user_id value via a modified URL, related to a "mass assignment" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Insoshi Insoshi Insoshi *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://blog.mhartl.com/2008/09/21/finding-and-fixing-mass-assignment-problems-in-rails-applications/
http://blog.mhartl.com/2008/09/21/finding-and-fixing-mass-assignment-problems-in-rails-applications/
http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment
http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment