CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-26712

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker can exploit and compromise all databases.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://github.com/vuongdq54/RedCap
https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
https://www.project-redcap.org/
https://github.com/vuongdq54/RedCap
https://www.evms.edu/research/resources_services/redcap/redcap_change_log/
https://www.project-redcap.org/

Products affected by CVE-2020-26712

Vanderbilt » Redcap » Version: 10.0.20

cpe:2.3:a:vanderbilt:redcap:10.0.20
Vanderbilt » Redcap » Version: 10.3.4

cpe:2.3:a:vanderbilt:redcap:10.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26712

Products

Pricing

Contact Us