SQL Injection Vulnerability in REDCap by Trustwave

CVE-2023-37361

What is CVE-2023-37361?

REDCap versions 12.0.26 LTS and 12.3.2 Standard are susceptible to SQL Injection attacks through specific parameters, including scheduling, repeatforms, purpose, app_title, or randomization. This vulnerability can allow attackers to manipulate database queries and potentially retrieve sensitive data, leading to significant security concerns. Organizations using these versions should evaluate their systems for exposure and implement immediate security measures.

References