3 matches found
CVE-2020-5257
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-5257 Sort order SQL injection in Administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-5257
CVE-2020-5257 affects the Administrate Ruby gem prior to version 0.13.0. The vulnerability arises when sorting by attributes on a dashboard, where the direction parameter was interpolated into an SQL query without validation, potentially enabling SQL injection if an attacker can modify the direct...