Vulnerability Description
OpenClinica is open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection because SQL queries are built by string concatenation of input instead of with prepared statements. No known workarounds exist. This issue has been patched in 3.16.1, 3.15.9, 3.14.1 and 3.13.1, and users are advised to upgrade.
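The weakness class named above (query text assembled by concatenation versus a prepared statement with bound parameters) is shown below as an added, self-contained example. It is not OpenClinica's code and makes no claim about which query in the project was affected; the `study_subject` table, its rows and the inputs are constructed for the demonstration. In JDBC the hardened form corresponds to `PreparedStatement` with `setString`, here shown with the `?` placeholders of Python's `sqlite3`.

```python
import sqlite3

# Constructed sample data; not OpenClinica's schema.
SAMPLE_SUBJECTS = [
    (1, "SUBJ-001", "site-a"),
    (2, "SUBJ-002", "site-a"),
    (3, "SUBJ-003", "site-b"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE study_subject (id INTEGER, label TEXT, site TEXT)")
    conn.executemany("INSERT INTO study_subject VALUES (?, ?, ?)", SAMPLE_SUBJECTS)
    return conn


def find_subject_concat(conn, label):
    """Vulnerable pattern: the caller-supplied value is spliced into the SQL text,
    so any quote character in it changes the structure of the statement."""
    sql = "SELECT id, label FROM study_subject WHERE label = '" + label + "'"
    return conn.execute(sql).fetchall()


def find_subject_prepared(conn, label):
    """Hardened pattern: the statement text is fixed and the value is bound as a
    parameter, so the database engine treats it as data, never as SQL."""
    sql = "SELECT id, label FROM study_subject WHERE label = ?"
    return conn.execute(sql, (label,)).fetchall()


def compare(label):
    """Run both variants against a fresh database and return their results.

    The concatenated variant may raise a syntax error (for a benign apostrophe)
    or return rows the caller never asked for (for a crafted value); the
    prepared variant returns the same answer either way."""
    conn = make_db()
    try:
        concat_rows = find_subject_concat(conn, label)
    except sqlite3.Error as exc:
        concat_rows = "error: " + str(exc)
    prepared_rows = find_subject_prepared(conn, label)
    conn.close()
    return concat_rows, prepared_rows


if __name__ == "__main__":
    # Ordinary value: both variants agree.
    print(compare("SUBJ-002"))
    # Benign value containing an apostrophe: concatenation breaks the query.
    print(compare("O'Brien"))
    # Constructed value with a quote: concatenation returns every row,
    # while the bound parameter matches nothing because no label equals it.
    print(compare("x' OR '1'='1"))
```

The third case is the review-time signal worth remembering: an input that changes how many rows a query returns, rather than merely failing, is the difference between a bug and a data-exposure vulnerability, and it disappears entirely once the value is bound as a parameter.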
CVSS Score
8.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclinica | Openclinica | < 3.13.1 |
Related Weaknesses (CWE)
References
- https://github.com/OpenClinica/OpenClinica/pull/3490/commits/b152cc63019230c9973 (Patch, Third Party Advisory)
- https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-5289-4jwp-xp (Patch, Third Party Advisory)
FAQ
What is CVE-2022-24831?
CVE-2022-24831 is a vulnerability with a CVSS score of 8.3 (HIGH). OpenClinica is open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection because SQL queries are built by string concatenation of input instead of with prepared statements.
How severe is CVE-2022-24831?
CVE-2022-24831 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS score above for the severity rating.
Is there a patch for CVE-2022-24831?
Yes. The description above lists the patched releases (3.16.1, 3.15.9, 3.14.1 and 3.13.1), and the references section links the vendor advisory and the fixing commit. The affected product is OpenClinica (vendor: Openclinica).