Unrated severityNVD Advisory· Published Jun 17, 2013· Updated Jun 16, 2026
CVE-2013-4609
CVE-2013-4609
Description
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
Affected products
20cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:project-redcap:redcap:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*range: <=5.0.3
- cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.