CVE Catalog
CVE-2023-37361
LowCVSS 2.7Exploitation Probability (EPSS)
Low risk0.51%
40th percentile — higher than 40% of all known CVEs
Summary
REDCap versions 12.0.26 LTS and 12.3.2 Standard allow SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to the database, potentially leading to the exposure of sensitive information.
Recommendation
It is recommended to upgrade to the latest version of REDCap to mitigate the risk associated with this vulnerability.
Original NVD description (English source)
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

