PT-2022-16909 · Unknown · Openclinic Ga

Published 2022-05-14 · Updated 2022-05-24 · CVE-2022-24831

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: OpenClinica versions prior to 3.16.1

Description: OpenClinica is open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). The issue is due to the use of string concatenation to build SQL queries instead of prepared statements, which leads to SQL injection. No known workarounds exist.

Recommendations: For versions prior to 3.16.1, upgrade to version 3.16.1, 3.15.9, 3.14.1, or 3.13.1 to resolve the issue. As a temporary workaround, consider restricting input to prevent malicious SQL queries until a patch is applied.
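The root cause named in the description (SQL built by string concatenation instead of a prepared statement) is shown below on a constructed in-memory SQLite table. This is an added illustration written for this page, not OpenClinica's code or schema; the `users` table, the two lookup functions and the sample source lines are all invented here. The vulnerable lookup lets the input alter the query's structure, the fixed lookup passes the same input as a bound parameter so it stays data, and a small static check flags the concatenation pattern in source lines the way a code reviewer would look for it.

```python
import re
import sqlite3

# Constructed sample data (not OpenClinica's schema): a minimal users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "investigator"), ("bob", "monitor"), ("carol", "admin")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # The anti-pattern the advisory describes: the query text is assembled by
    # string concatenation, so quote characters in the input become SQL syntax.
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn, username):
    # Prepared statement / parameterised query: the SQL text is fixed and the
    # input is bound as a value, so it can never change the query's structure.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Reviewer-style static check: a SQL keyword inside a statement that is then
# joined with "+" is a strong hint that the query is built by concatenation.
SQL_CONCAT = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b[^;]*[\"']\s*\+", re.IGNORECASE)


def flag_concatenated_sql(source_lines):
    """Return 1-based line numbers whose text looks like concatenated SQL."""
    return [n for n, line in enumerate(source_lines, 1) if SQL_CONCAT.search(line)]


# Constructed Java-like source lines used to exercise the static check.
SAMPLE_SOURCE = [
    'String q = "SELECT * FROM users WHERE name = \'" + name + "\'";',
    'PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");',
    "int total = count + 1;",
]


if __name__ == "__main__":
    conn = make_db()
    ordinary = "alice"
    crafted = "x' OR '1'='1"   # quote-bearing input, used only to compare the two lookups
    print("vulnerable, ordinary input:", find_user_vulnerable(conn, ordinary))
    print("vulnerable, crafted input:  ", find_user_vulnerable(conn, crafted))
    print("fixed, ordinary input:     ", find_user_fixed(conn, ordinary))
    print("fixed, crafted input:      ", find_user_fixed(conn, crafted))
    print("lines flagged by static check:", flag_concatenated_sql(SAMPLE_SOURCE))
```

With the crafted input the concatenated query returns every row of the table, while the parameterised query returns no row at all because no username literally equals that string. The static check is deliberately coarse: it is meant to surface candidates for review across a code base, not to prove a query safe, so a clean result does not replace the upgrade the recommendation calls for.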

Exploit · Fix · SQL injection


Weakness Enumeration

Related Identifiers

CVE-2022-24831
GHSA-5289-4JWP-XP9H

Affected Products

Openclinic Ga