CVEs-PoC/2017/CVE-2017-7351.md

CVE-2017-7351

Description

A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.

POC

Reference

• https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/
• https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/TheWickerMan/CVE-Disclosures