CVE-2017-7351
REDCap 7.x before 7.0.11 is vulnerable to SQL injection in the file upload handler (SendITController:upload). The issue is triggered by a trailing substring supplied to the upload endpoint, which lets an attacker inject SQL through the file upload process. Impact: potential unauthorized database access...