diff --git a/Gemfile.lock b/Gemfile.lock
index 88b18b5..ee14cd7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -93,7 +93,7 @@ GEM
 eventmachine (1.0.3)
 execjs (2.2.1)
 fastercsv (1.5.5)
- ffi (1.9.5)
+ ffi (1.9.6)
 foreman (0.75.0)
 dotenv (~> 0.11.1)
 thor (~> 0.19.1)
@@ -159,7 +159,7 @@ GEM
 sqlite3-ruby
 thin
 method_source (0.8.2)
- mime-types (2.3)
+ mime-types (2.4.1)
 mini_portile (0.5.3)
 minitest (4.7.5)
 multi_json (1.10.1)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 1fb5d4a..10f31f4 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -31,7 +31,8 @@ class UsersController < ApplicationController

 # Still an Insecure DoR vulnerability
 #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
- user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+ # user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
+ user = User.where("user_id = '#{params[:user][:user_id]}'").first
 if user
 user.skip_user_id_assign = true
 user.skip_hash_password = true
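Review bot: The added `User.where("user_id = '#{params[:user][:user_id]}'").first` in users_controller.rb still interpolates a request parameter straight into the SQL condition, so moving off the old `find(:first, :conditions => ...)` finder leaves the injection risk in place. Binding the value, e.g. `user = User.where(user_id: params[:user][:user_id]).first`, keeps the new finder style and lets ActiveRecord quote the input. The record is also still selected by an id taken from the request, which is the insecure direct object reference the comment above already mentions; resolving the user from the authenticated session would close that, though the enclosing method starts and ends outside this hunk, so the available session helper is not visible. If the unsafe query is intentional (the comment suggests this may be training code), a one-line comment such as `# intentionally vulnerable: string-built SQL condition` would be clearer than keeping the old call commented out.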