REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
References
Link | Resource |
---|---|
https://trustwave.com | Not Applicable |
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305 | Exploit Third Party Advisory |
https://trustwave.com | Not Applicable |
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://trustwave.com - Not Applicable | |
References | () https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305 - Exploit, Third Party Advisory |
31 Jul 2023, 18:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vanderbilt:redcap:*:*:*:*:lts:*:*:* cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:* |
|
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
References | (MISC) https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305 - Exploit, Third Party Advisory | |
References | (MISC) https://trustwave.com - Not Applicable |
25 Jul 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-25 01:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37361
Mitre link : CVE-2023-37361
CVE.ORG link : CVE-2023-37361
JSON object : View
Products Affected
vanderbilt
- redcap
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')