Описание
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1, and 3.13.1 and users are advised to upgrade.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.13.1 (исключая)Версия от 3.15 (исключая) до 3.15.9 (исключая)Версия от 3.16 (исключая) до 3.16.1 (исключая)
Одно из
cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*
cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*
cpe:2.3:a:openclinica:openclinica:*:*:*:*:*:*:*:*
cpe:2.3:a:openclinica:openclinica:3.14:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00257
Низкий
8.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
CWE-89
EPSS
Процентиль: 49%
0.00257
Низкий
8.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
CWE-89