CVE-2020-27358
CVE-2020-27358 affects REDCap 8.11.6 through 9.x before 10. The Messenger CSV export feature is vulnerable to an access-control bypass: non-privileged users can exfiltrate another user’s conversation threads by altering thread_id in the request to Messenger/messenger_download_csv.php?title=Hey&th...