
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.
• https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
• https://community.projectredcap.org/articles/13/changelog-standard-release.html
• https://gist.github.com/jordanpotti/fef4f1ada404d5ba7f88ab42e93cdaae
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

REDCap before 7.5.1 has XSS via the query string.
• https://community.projectredcap.org/articles/13/changelog-standard-release.html
• https://gist.github.com/jordanpotti/fef4f1ada404d5ba7f88ab42e93cdaae
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule.
• http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
• CWE-20: Improper Input Validation