CVE-2020-26712 in REDCapinformazioni

Riassunto

di MITRE • 13/01/2021

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Prenotare

07/10/2020

Divulgazione

13/01/2021

Moderazione

accettato

CPE

pronto

EPSS

0.02110

KEV

no

Attività

molto basso

Fonti

Do you need the next level of professionalism?

Upgrade your account now!