← back
CVE-2022-25228

CVE-2022-25228

EPSS 0.8%
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter
Affected products
n/a · CandidATS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://candidats.net/forums/https://fluidattacks.com/advisories/jackson/