How severe is CVE-2020-5257?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-5257?

This is classified as CWE-943, which is a common weakness in software security.

CVE-2020-5257

HIGH Year: 2020

CVSS v3 Score

8.1

High

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-943

View all →

Vulnerability Description

In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high-impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in wersion 0.13.0.

CVE-2025-24787

HIGH

CVSS:8.6(High)

WhoDB is an open source database management tool. In affected versions the application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files...

CWE-9432025

CVE-2017-12904

HIGH

CVSS:8.8(High)

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by craf...

CWE-9432017

CVE-2018-7829

HIGH

CVSS:8.8(High)

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary s...

CWE-9432018

CVE-2024-4872

HIGH

CVSS:8.8(High)

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to succ...

CWE-9432024

CVE-2021-1349

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected s...

CWE-9432021

CVE-2021-34712

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected s...

CWE-9432021

CVE-2020-5257

Vulnerability Description

Related Vulnerabilities

CVE-2025-24787

CVE-2017-12904

CVE-2018-7829

CVE-2024-4872

CVE-2021-1349

CVE-2021-34712