SQL Injection Affecting brbackup package, versions >=0.0.0
- Snyk ID SNYK-RUBY-BRBACKUP-20188
- published 8 Jul 2014
- disclosed 8 Jul 2014
- credit Unknown
Overview
The brbackup gem for Ruby contains a flaw that may allow an SQL injection attack. The issue is due to the /lib/brbackup.rb script not properly sanitizing user-supplied input to the name parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.