Security Advisory

CVE-2019-14937

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-08-17 16:15:20

Last updated 2024-08-05 00:34:52

Assigner mitre

State PUBLISHED

Description

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a users login sessionid from the database, and then re-login into REDCap to compromise all data.

← Browse all CVEs View on cve.org ↗