Filtered by vendor Vanderbilt
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7351 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.0 MEDIUM | 8.8 HIGH |
| A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload. | |||||
| CVE-2017-10961 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | |||||
| CVE-2019-14937 | 1 Vanderbilt | 1 Redcap | 2019-08-27 | 6.0 MEDIUM | 7.5 HIGH |
| REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data. | |||||