CVE-2013-4609

Published: Jun 17, 2013Modified: Apr 29, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.

Affected (20)

Products: Project Redcap: Redcap · Vanderbilt: Redcap

1 product

1 product

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Project Redcap Redcap	Version 4.13.18
Project Redcap Redcap	Version 4.14.5
Project Redcap Redcap	Version 4.14.6
Project Redcap Redcap	Version 4.15.0
Project Redcap Redcap	Version 4.15.1
Project Redcap Redcap	Version 4.15.2
Project Redcap Redcap	Version 4.15.3
Project Redcap Redcap	Version 4.15.4
Project Redcap Redcap	Version 5.0.0
Project Redcap Redcap	Version 5.0.1
Project Redcap Redcap	Version 5.0.2
Project Redcap Redcap	Version 5.1.0
Project Redcap Redcap	Version 5.1.1
Project Redcap Redcap	Version 5.1.2
Vanderbilt Redcap	Up to 5.0.3
Vanderbilt Redcap	Version 4.14.0
Vanderbilt Redcap	Version 4.14.1
Vanderbilt Redcap	Version 4.14.2
Vanderbilt Redcap	Version 4.14.3
Vanderbilt Redcap	Version 4.14.4

Related CWEs

CWE-264

References (2)

http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf

Source: cve@mitre.org

http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.