Rails vulnerable to SQL injection
Rails versions that predate Rails 2.1.1 are vulnerable to an SQL injection attack, according to an advisory from the Ruby on Rails Security Project.
The :limit and :offset parameters to the find method are not correctly sanitised, allowing code such as
Person.find(:all,:limit=>"10; DROP TABLE users;")
to be executed. The issue seems to affect only PostgreSQL and SQLite, and not MySQL, which by default disallows multiple SQL statements. However, the Ruby on Rails Security Project shows how the flaw could be exploited to disclose information by use of the SQL UNION statement.
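
The following is an added example, not code from Rails or from the advisory. It contrasts interpolating a caller-supplied :limit/:offset value directly into SQL with coercing it to a non-negative integer first. The helper names (naive_limit_sql, coerce_row_count, safe_limit_sql) and the people table are assumptions made for illustration.

```ruby
# Added illustration: hypothetical helpers, not Rails' own implementation.

# Unsanitised builder: the caller's value becomes part of the SQL text verbatim.
def naive_limit_sql(base_sql, limit, offset = nil)
  sql = "#{base_sql} LIMIT #{limit}"
  sql += " OFFSET #{offset}" unless offset.nil?
  sql
end

# Accept only a non-negative Integer or an all-digit String; reject the rest.
def coerce_row_count(value, name)
  case value
  when Integer
    raise ArgumentError, "#{name} must be >= 0" if value.negative?
    value
  when String
    unless value.match?(/\A\d{1,9}\z/)
      raise ArgumentError, "#{name} is not an integer: #{value.inspect}"
    end
    value.to_i
  else
    raise ArgumentError, "#{name} has unsupported type #{value.class}"
  end
end

# Hardened builder: only integers produced by coerce_row_count reach the SQL.
def safe_limit_sql(base_sql, limit, offset = nil)
  sql = "#{base_sql} LIMIT #{coerce_row_count(limit, ':limit')}"
  sql += " OFFSET #{coerce_row_count(offset, ':offset')}" unless offset.nil?
  sql
end

PAYLOAD = "10; DROP TABLE users;" # the value from the article's example

# Returns what each builder does with a benign value and with the payload.
def demo
  base = "SELECT * FROM people" # constructed sample query
  rejected = begin
    safe_limit_sql(base, PAYLOAD)
    false
  rescue ArgumentError
    true
  end
  { naive: naive_limit_sql(base, PAYLOAD),
    safe_ok: safe_limit_sql(base, "10", 20),
    safe_rejects: rejected }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Validating at the point where the value enters the query also covers the UNION-based disclosure case, since anything other than digits is rejected before SQL is built.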