6 matches found
CVE-2012-6567
REDCap before 4.14.0 is affected: remote authenticated users can execute arbitrary commands via shell metacharacters in the logic of a custom rule. The root cause is unsafely evaluated shell constructs in rule logic, enabling command execution with authenticated access. Connectivity details or in...
CVE-2013-4608
CVE-2013-4608 is an XSS vulnerability in REDCap prior to version 5.0.6, exploitable via the Graphical Data View & Descriptive Stats page. The available sources describe that remote attackers can inject arbitrary web script or HTML. The connected documents do not provide exploit code, in-the-wild ...
CVE-2013-4612
The CVE-2013-4612 entry concerns REDCap prior to version 5.1.0 , with multiple cross-site scripting (XSS) vulnerabilities. The reports indicate remote attackers could inject arbitrary web script/HTML via unspecified vectors across different modules. The connected documents confirm the affected pr...
CVE-2013-4610
CVE-2013-4610 affects the Data Search utility in REDCap data-entry forms, specifically REDCap before 5.0.3 and 5.1.x before 5.1.2. The impact is not specified in the sources, and there are no public exploitation details provided in the connected documents. No remediation or fix versions are descr...
CVE-2013-4609
REDCap exposes a logic-evaluation weakness: versions before 5.0.4 and 5.1.x before 5.1.3 do not reject undocumented syntax in branching logic and calculations, enabling remote authenticated users to bypass access controls via the Online Designer or Data Dictionary upload (demonstrated by an eval ...
CVE-2013-4611
REDCap before 5.1.1 is affected by CVE-2013-4611. The connected documents describe multiple unspecified vulnerabilities that allow remote attackers to have an unknown impact via the Online Designer page or the Manage Survey Participants page. The exact root cause, affected subcomponents, mitigati...