Vulnerabilities > Thoughtbot > Administrate

DATE | CVE | VULNERABILITY TITLE | RISK

2022-08-05 | CVE-2016-3098 | Cross-Site Request Forgery (CSRF) vulnerability in Thoughtbot Administrate | 5.4
Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth authorization code.
network, low complexity, thoughtbot, CWE-352

2020-03-13 | CVE-2020-5257 | SQL Injection vulnerability in Thoughtbot Administrate | 8.1
In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query.
network, low complexity, thoughtbot, CWE-89