REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-12T14:17:33
Updated: 2024-08-04T15:56:04.991Z
Reserved: 2020-10-07T00:00:00
Link: CVE-2020-26712
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-01-12T15:15:13.783
Modified: 2024-11-21T05:20:16.153
Link: CVE-2020-26712
Redhat
No data.