2 matches found
CVE-2013-4609
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via 1 the Online Designer or 2 the Data Dictionary upload, as demonstrated by an eval call...
CVE-2013-4609
REDCap exposes a logic-evaluation weakness: versions before 5.0.4 and 5.1.x before 5.1.3 do not reject undocumented syntax in branching logic and calculations, enabling remote authenticated users to bypass access controls via the Online Designer or Data Dictionary upload (demonstrated by an eval ...