> There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. This vulnerability has been assigned the CVE identifier CVE-2013-0156.
It's (apparently) a remote code execution bug. You can also use it to trigger SQL in the sense of simply executing arbitrary SQL. There's no need to bootstrap or trampoline, the doors are swinging open already.
I think we're all saying the same thing. But this particular vulnerability described in the OP allows SQL injection via a different means than the one I had linked to (from 5 days ago). But yes, it's all SQL injection (and more, in this case).