Administrate
1 CVEs
product
Monthly
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
Nosql Injection
SQLi
Administrate
NVD
GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-5257
Ruby
EPSS 1%
CVSS 8.1
HIGH
PATCH
This Week
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
Nosql Injection
SQLi
Administrate
NVD
GitHub