2 matches found
CVE-2020-5257
CVE-2020-5257 affects the Administrate Ruby gem prior to version 0.13.0. The vulnerability arises when sorting by attributes on a dashboard, where the direction parameter was interpolated into an SQL query without validation, potentially enabling SQL injection if an attacker can modify the direct...
CVE-2016-3098
CVE-2016-3098 describes a Cross-site request forgery (CSRF) vulnerability in the Administrate Rails dashboard (versions 0.1.4 and earlier) that can allow remote attackers to hijack a user’s OAuth authorization code. The vulnerability is documented across multiple sources (including Red Hat, GHSA,...