diff --git a/lib/brakeman/checks/check_sql.rb b/lib/brakeman/checks/check_sql.rb
index 728df3bf450a35f948ab472b4eebd0f90ab53dfe..2a71d354ebfef76e48b9ab1728d910965e43c5e3 100644
--- a/lib/brakeman/checks/check_sql.rb
+++ b/lib/brakeman/checks/check_sql.rb
@@ -43,6 +43,9 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 Brakeman.debug "Checking version of Rails for CVE-2012-2661"
 check_rails_version_for_cve_2012_2661

+ Brakeman.debug "Checking version of Rails for CVE-2012-2695"
+ check_rails_version_for_cve_2012_2695
+
 Brakeman.debug "Processing possible SQL calls"
 calls.each do |c|
 process_result c
@@ -104,6 +107,15 @@ class Brakeman::CheckSQL < Brakeman::BaseCheck
 end
 end

+ def check_rails_version_for_cve_2012_2695
+ if version_between?("2.0.0", "3.0.0") || version_between?("3.0.0", "3.0.13") || version_between?("3.1.0", "3.1.5") || version_between?("3.2.0", "3.2.5")
+ warn :warning_type => 'SQL Injection',
+ :message => 'All versions of Rails before 3.0.14, 3.1.6, and 3.2.6 contain a SQL Injection Vulnerability: CVE-2012-2695; Upgrade to 3.2.6, 3.1.6, 3.0.14',
+ :confidence => CONFIDENCE[:high],
+ :file => gemfile_or_environment
+ end
+ end
+
 def process_scope_with_block model_name, args
 scope_name = args[1][1]
 block = args[-1][-1]
diff --git a/test/tests/test_rails2.rb b/test/tests/test_rails2.rb
index a4a1d2b1d63abde516bfcb36bca7a2fcf71d7280..2a749de2f0e2f61a55c4078209a7aebea98688f9 100644
--- a/test/tests/test_rails2.rb
+++ b/test/tests/test_rails2.rb
@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
 :controller => 1,
 :model => 2,
 :template => 27,
- :warning => 27 }
+ :warning => 28 }
 else
 @expected ||= {
 :controller => 1,
 :model => 2,
 :template => 27,
- :warning => 28 }
+ :warning => 29 }
 end
 end

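Review bot: The four `version_between?` calls in `check_rails_version_for_cve_2012_2695` sit on one long line, which makes the bounds hard to check against the versions named in the message; listing one range per line, as below, makes an off-by-one at 3.0.13, 3.1.5 or 3.2.5 easy to spot. The lowest bound is 2.0.0 while the message says all versions before 3.0.14 are affected, so either the range or the wording should change. `version_between?` is defined outside this diff, so whether its upper bound is inclusive, and how it treats an unknown or pre-release version, cannot be confirmed from here. The condition looks at the version only, so the warning will presumably still fire on an application that carries a hand-applied patch; a one-line comment saying so would help whoever triages the report.

```ruby
def check_rails_version_for_cve_2012_2695
  # Version-only check: still fires when the fix was backported by hand.
  vulnerable_ranges = [
    ["2.0.0", "3.0.0"],
    ["3.0.0", "3.0.13"],
    ["3.1.0", "3.1.5"],
    ["3.2.0", "3.2.5"]
  ]

  if vulnerable_ranges.any? { |low, high| version_between?(low, high) }
    # … unchanged: warn call with :warning_type, :message, :confidence, :file …
  end
end
```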
@@ -172,6 +172,13 @@ class Rails2Tests < Test::Unit::TestCase
 :confidence => 0
 end

+ def test_rails_cve_2012_2695
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /CVE-2012-2695/,
+ :confidence => 0
+ end
+
 def test_sql_injection_find_by_sql
 assert_warning :type => :warning,
 :warning_type => "SQL Injection",
diff --git a/test/tests/test_rails3.rb b/test/tests/test_rails3.rb
index 5f23a32b434119e9a3716808f3df2adcf97e978d..bf0383598f80e2ed57324c4835e7576699e13a52 100644
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
 :controller => 1,
 :model => 5,
 :template => 22,
- :warning => 25
+ :warning => 26
 }
 end

@@ -183,6 +183,14 @@ class Rails3Tests < Test::Unit::TestCase
 :file => /Gemfile/
 end

+ def test_rails_cve_2012_2695
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /CVE-2012-2695/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
+
 def test_sql_injection_find_by_sql
 assert_warning :type => :warning,
 :warning_type => "SQL Injection",
diff --git a/test/tests/test_rails31.rb b/test/tests/test_rails31.rb
index 2531faf22d1f6bc1351d347045c216b93a229cd1..54077285a3b89d42a8df5a467c11e1dd9e46f01d 100644
--- a/test/tests/test_rails31.rb
+++ b/test/tests/test_rails31.rb
@@ -15,7 +15,7 @@ class Rails31Tests < Test::Unit::TestCase
 :model => 0,
 :template => 4,
 :controller => 1,
- :warning => 39 }
+ :warning => 40 }
 end

 def test_without_protection
@@ -96,6 +96,14 @@ class Rails31Tests < Test::Unit::TestCase
 :file => /Gemfile/
 end

+ def test_rails_cve_2012_2695
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /CVE-2012-2695/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
+
 def test_sql_injection_scope_lambda
 assert_warning :type => :warning,
 :warning_type => "SQL Injection",
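Review bot: `test_rails_cve_2012_2695` in test_rails2.rb does not assert `:file`, while the same test added to test_rails3.rb, test_rails31.rb and test_rails_with_xss_plugin.rb checks `:file => /Gemfile/`. The check reports `gemfile_or_environment`, so the Rails 2 test could pin the location too with a `:file` matcher for whichever path that helper resolves to in this fixture. The neighbouring test visible in the context also stops at `:confidence => 0`, so this may be the file's convention, but without it the test would still pass if the warning were attributed to the wrong file.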
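Review bot: The tests added here and in test_rails2.rb, test_rails31.rb and test_rails_with_xss_plugin.rb only assert that the warning appears, presumably because each fixture app is on an affected Rails version. Nothing exercises the edges of the ranges in `check_rails_version_for_cve_2012_2695`, so an off-by-one that flags 3.0.14, 3.1.6 or 3.2.6, or one that misses 3.0.13, 3.1.5 or 3.2.5, would go unnoticed. A small test that sets the tracked Rails version to a fixed release and asserts that no warning matching `/CVE-2012-2695/` is produced would cover the false-positive side. How the version is injected depends on test helpers that are not visible in this diff.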
diff --git a/test/tests/test_rails_with_xss_plugin.rb b/test/tests/test_rails_with_xss_plugin.rb
index 505b3d1cbb63fb2447866dfb2dac61dea87a935f..608ab506fbe75f0ff9c50896bf14a35b286f2e35 100644
--- a/test/tests/test_rails_with_xss_plugin.rb
+++ b/test/tests/test_rails_with_xss_plugin.rb
@@ -11,7 +11,7 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
 :controller => 1,
 :model => 3,
 :template => 1,
- :warning => 12 }
+ :warning => 13 }
 end

 def report
@@ -136,6 +136,14 @@ class RailsWithXssPluginTests < Test::Unit::TestCase
 :file => /Gemfile/
 end

+ def test_rails_cve_2012_2695
+ assert_warning :type => :warning,
+ :warning_type => "SQL Injection",
+ :message => /CVE-2012-2695/,
+ :confidence => 0,
+ :file => /Gemfile/
+ end
+
 def test_sql_injection_12
 assert_warning :type => :warning,
 :warning_type => "SQL Injection",