326 matches found
CVE-2017-7351
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload...
SQL injection
A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload...
CVE-2017-7351
REDCap 7.x is vulnerable to SQL injection in the file upload handler (SendITController:upload) prior to 7.0.11. The issue is triggered by a trailing substring in the upload endpoint, enabling an attacker to inject SQL through the file upload process. Impact: potential unauthorized database access...
REDCap Cross-Site Scripting Vulnerability
REDCap is a free, secure, web-based application. It is designed to support data mining research. A cross-site scripting vulnerability exists in versions of REDCap prior to 7.5.1. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML with the help of a query strin...
CVE-2017-10962
REDCap before 7.5.1 has XSS via the query string...
Design/Logic Flaw
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components...
Spoofing
REDCap before 7.5.1 has XSS via the query string...
CVE-2017-10961
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components...
CVE-2017-10961
CVE-2017-10961 – REDCap before 7.5.1 suffers a cross-site request forgery (CSRF) in the deletion feature of the File Repository and File Upload components. The root cause is CSRF in the delete function, enabling a remote attacker to perform unauthorized operations in affected installations. Multi...
CVE-2017-10962
REDCap before 7.5.1 is affected by a Cross-Site Scripting (XSS) vulnerability via the query string. The issue affects REDCap versions prior to 7.5.1; exploitation details are not expanded beyond the XSS via query parameters. Remediation guidance within the connected documents points to upgrading ...
CVE-2013-4609
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call...
CVE-2013-4608
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page...
CVE-2013-4611
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page...
CVE-2013-4610
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors...