Main Vulnerability Database Exploits ID:11997 - Exploit for SQL injection in Ruby on Rails - CVE-2013-0333

ID:11997 - Exploit for SQL injection in Ruby on Rails - CVE-2013-0333

Published: September 30, 2025

Vulnerability identifier: #VU116187

Vulnerability risk: Medium

CVE-ID: CVE-2013-0333

CWE-ID: CWE-89

Exploitation vector: Remote access

Vulnerable software:
Ruby on Rails

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/multi/http/rails_json_yaml_code_exec

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to lib/active_support/json/backends/yaml.rb in Ruby on Rails does not properly convert JSON data to YAML data for processing by a YAML parser. A remote attacker can execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding.

Remediation

Install updates from vendor's website.

ID:11997 - Exploit for SQL injection in Ruby on Rails - CVE-2013-0333

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human