Unrated severity · NVD Advisory · Published Aug 17, 2019 · Updated Aug 5, 2024
CVE-2019-14937
Description
REDCap before 9.3.0 allows time-based SQL injection when editing a calendar event, via the cal_id parameter, such as cal_id=55 and sleep(3) sent to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login session ID from the database and then log back in to REDCap to compromise all data.
Affected products
- REDCap/REDCap
- Range: <9.3.0
References
- gist.github.com/hiennv20/6739606a4d0d25612f5139ec391060b7 (mitre, x_refsource_MISC)
- projectredcap.org/resources/community/ (mitre, x_refsource_MISC)
- www.evms.edu/research/resources_services/redcap/redcap_change_log/ (mitre, x_refsource_CONFIRM)