Title:Vulnerability Report for Ruby Gem kcapifony-2.1.6
./kcapifony-2.1.6/lib/ksymfony1.rb

Lines 482, 484, 522 and 524 expose the password to the process table via the #{config['pass']} variable. If this Gem is used in the context of a rails application it maybe possible to inject commands remotely by supplying special shell meta characters like ; and & via #{config['user']} and #{config['pass']}.

0479-      FileUtils::mkdir_p("backups")
480-      case config[type]
481-      when mysql
482:        `mysqldump -u{config[user]} --password=\"{config[pass]}\" #{config[db]} > #{tmpfile}`
483-      when pgsql
484:        `pg_dump -U {config[user]} --password=\"{config[pass]}\" #{config[db]} > #{tmpfile}`
485-      end
486-      File.open(tmpfile, "r+") do |f|
--
519-

520-      case config[type]
521-      when mysql
522:        `mysql -u{config[user]} --password=\"{config[pass]}\" {config[db]} < backups/{sqlfile}`
523-      when pgsql
524:        `psql -U {config[user]} --password=\"{config[pass]}\" {config[db]} < backups/{sqlfile}`
525-      end
526-      FileUtils.rm("backups/#{sqlfile}")
527- end