CVE Catalog

CVE-2023-37361

LowCVSS 2.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

40th percentile — higher than 40% of all known CVEs

Summary

REDCap versions 12.0.26 LTS and 12.3.2 Standard allow SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to the database, potentially leading to the exposure of sensitive information.

Recommendation

It is recommended to upgrade to the latest version of REDCap to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS