CVE-2023-37361
published 2023-07-25

CVE-2023-37361: REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

Priority: P4 17, low
CVSS 3.1: 2.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)
EPSS: 0.51% (39.8th percentile)

Affected

2 ranges

Vendor      Product  Version range  Fixed in
vanderbilt  redcap   < 12.3.2       12.3.2
vanderbilt  redcap   < 12.0.26      12.0.26