CVE-2017-7351

A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:31

Type Values Removed Values Added
References () https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/ - Third Party Advisory () https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/ - Third Party Advisory

01 Jul 2021, 16:58

Type Values Removed Values Added
CPE cpe:2.3:a:project-redcap:redcap:*:*:*:*:*:*:*:* cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*

Information

Published : 2018-02-08 15:29

Updated : 2024-11-21 03:31


NVD link : CVE-2017-7351

Mitre link : CVE-2017-7351

CVE.ORG link : CVE-2017-7351


JSON object : View

Products Affected

vanderbilt

  • redcap
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')