Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.6 views

CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...

7.5CVSS7.9AI score0.01404EPSS
Exploits1References1
NVD
NVD
added 2019/08/17 5:15 p.m.20 views

CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...

7.5CVSS7.9AI score0.01404EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/08/17 4:15 p.m.19 views

CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...

7.9AI score0.01404EPSS
Exploits1References3
CVE
CVE
added 2019/08/17 4:15 p.m.244 views

CVE-2019-14937

REDCap before 9.3.0 is affected by a time-based SQL injection in the edit calendar event via cal_id (example cal_id=55 with sleep(3) in Calendar/calendar_popup_ajax.php). The vulnerability could allow an attacker to obtain a user’s login sessionid and re-login to compromise all data. The issue is...

7.5CVSS7.8AI score0.01404EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder