VulnerableCode Vulnerability Details - VCID-rq7w-zmh4-17e1

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-rq7w-zmh4-17e1

Essentials
Severities (17)
References (15)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rq7w-zmh4-17e1
Aliases	CVE-2012-2661 GHSA-fh39-v733-mxfr OSV-82403
Summary	SQL injection vulnerability in Active Record Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
generic_textual	MODERATE	http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2013-0154.html
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
epss	0.0073	https://api.first.org/data/v1/epss?cve=CVE-2012-2661
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-fh39-v733-mxfr
generic_textual	MODERATE	https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2012-2661

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
		http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
		http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
		http://rhn.redhat.com/errata/RHSA-2013-0154.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
		https://api.first.org/data/v1/epss?cve=CVE-2012-2661
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
		https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
		https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
		https://nvd.nist.gov/vuln/detail/CVE-2012-2661
827363		https://bugzilla.redhat.com/show_bug.cgi?id=827363
GHSA-fh39-v733-mxfr		https://github.com/advisories/GHSA-fh39-v733-mxfr
RHSA-2012:1542		https://access.redhat.com/errata/RHSA-2012:1542
RHSA-2013:0154		https://access.redhat.com/errata/RHSA-2013:0154

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.72604
EPSS Score	0.0073
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:46:46.995997+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2012-2661.yml	38.0.0