PT-2023-25931 · Redcap · Redcap
Published: 2023-07-25 · Updated: 2023-07-31 · CVE-2023-37361
CVSS v3.1: 2.7 (Low)
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
REDCap versions 12.0.26 through 12.3.2
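To tell whether a deployment falls inside the range listed above, the following added example (not part of this advisory or of the REDCap project) compares version components numerically rather than as strings, so that a release such as 12.3.10 is not mistaken for one below 12.3.2; it assumes the listed range is inclusive at both ends.

```python
# Added example, not from the advisory or the REDCap project.
# Checks whether a REDCap version string lies in the affected range
# 12.0.26 through 12.3.2 (bounds taken from the advisory; assumed inclusive).

AFFECTED_MIN = "12.0.26"   # lower bound as listed in the advisory
AFFECTED_MAX = "12.3.2"    # upper bound as listed in the advisory


def parse_version(version: str) -> tuple:
    """Turn '12.3.2' into (12, 3, 2); rejects non-numeric components.

    Comparing tuples of ints avoids the classic mistake of comparing
    version strings lexically, where '12.3.10' < '12.3.2'.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the version is within [AFFECTED_MIN, AFFECTED_MAX]."""
    v = parse_version(version)
    return parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX)


if __name__ == "__main__":
    # Constructed sample versions around the boundaries of the range.
    for v in ("12.0.25", "12.0.26", "12.2.0", "12.3.2", "12.3.10", "13.0.0"):
        print(v, "affected" if is_affected(v) else "not affected")
```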
Description
The issue allows SQL injection via parameters such as scheduling, repeatforms, purpose, app title, or randomization.
Recommendations
For versions 12.0.26 through 12.3.2, consider restricting access to the vulnerable parameters until a patch is available.
As a temporary workaround, avoid using the parameters scheduling, repeatforms, purpose, app title, or randomization in the affected API endpoints until the issue is resolved.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Redcap