Vulnerability Details CVE-2022-25228

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID' parameter, in '/index.php?m=joborders&a=show' via the 'jobOrderID' parameter, and in '/index.php?m=companies&a=show' via the 'companyID' parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.4%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2022-25228
  • Auieo » Candidats » Version: 3.0.0
    cpe:2.3:a:auieo:candidats:3.0.0