Main
Vulnerability Database
Exploits
ID:1760 - Exploit for Path traversal in Ruby on Rails - CVE-2016-0752
ID:1760 - Exploit for Path traversal in Ruby on Rails - CVE-2016-0752
Published: March 18, 2020
Vulnerability identifier: #VU8568
Vulnerability risk: Medium
CVE-ID: CVE-2016-0752
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
Ruby on Rails
Ruby on Rails
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to read arbitrary files on the system.
The vulnerability exists due to improper input validation in Action View. A remote attacker can send a specially crafted request, containing directory traversal sequences (e.g. "../") and view contents of arbitrary file on vulnerable system.
The vulnerability exists due to improper input validation in Action View. A remote attacker can send a specially crafted request, containing directory traversal sequences (e.g. "../") and view contents of arbitrary file on vulnerable system.
Remediation
Update to version 3.2.22.1, 4.1.14.1 or 4.2.5.1.