4 matches found
CVE-2019-14937
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...
CVE-2019-14937
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...
CVE-2019-14937
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...
CVE-2019-14937
REDCap before 9.3.0 is affected by a time-based SQL injection in the edit calendar event via cal_id (example cal_id=55 with sleep(3) in Calendar/calendar_popup_ajax.php). The vulnerability could allow an attacker to obtain a user’s login sessionid and re-login to compromise all data. The issue is...