CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-26712

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0470%
EPSS Percentile0.60th
Published2021年1月12日
Last Modified2024年11月21日

Vulnerability Description

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases.

Affected Platforms (CPE)

📦
Vanderbilt

Redcap

= 10.0.20
📦
Vanderbilt

Redcap

= 10.3.4

References & Advisories

🔗 https://github.com/vuongdq54/RedCap
🔗 https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
🔗 https://www.project-redcap.org/
🔗 https://github.com/vuongdq54/RedCap
🔗 https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
🔗 https://www.project-redcap.org/

相关漏洞威胁

CVE-2013-461110.0

Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving...

CVE-2013-461010.0

Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown...

CVE-2021-421369.0

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote at...

CVE-2017-109618.8

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.