CVE-2026-33350
EUVD-2026-2055208.04.2026, 19:25
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging browser. Attackers can use SQL ingestion to access/alter data on the server. This vulnerability is fixed in 27.0.3 and 28.0.1.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mcgill | loris | 𝑥 < 27.0.3 |
| mcgill | loris | 28.0.0 |
𝑥
= Vulnerable software versions