Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code.
5.4CVSS
5.5AI Score
0.001EPSS
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord ...
8.1CVSS
8.3AI Score
0.001EPSS