CVE-2016-0752
HIGH · KEV
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Title source: metasploit
Description
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/40561
nomisec
WORKING POC
10 stars
by forced-request · poc
https://github.com/forced-request/rails-rce-cve-2016-0752
metasploit
WORKING POC
EXCELLENT
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_dynamic_render_code_exec.rb
References (13)
Scores
CVSS v3
7.5
EPSS
0.9105
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CISA KEV
2022-03-25
VulnCheck KEV
2019-12-17
InTheWild.io
2022-03-25
ENISA EUVD
EUVD-2017-0333
CWE
CWE-22
Status
published
Products (9)
debian/debian_linux
8.0
opensuse/leap
42.1
opensuse/opensuse
13.2
redhat/software_collections
1.0
rubygems/actionpack
4.0.0 - 4.1.14.1 (RubyGems)
rubygems/actionview
4.0.0 - 4.1.14.1 (RubyGems)
rubyonrails/rails
5.0.0 beta1
rubyonrails/rails
< 3.2.22.1
suse/linux_enterprise_module_for_containers
12
Published
Feb 16, 2016
KEV Added
Mar 25, 2022
Tracked Since
Feb 18, 2026