History: Aug 18, 2022 - 7:29 p.m.

CVE-2022-25228

2022-08-18 19:29:36
Fluid Attacks
www.cve.org

AI Score: 6.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 33.0%)

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in ‘/index.php?m=settings&a=show’ via the ‘userID’ parameter, in ‘/index.php?m=candidates&a=show’ via the ‘candidateID’ parameter, in ‘/index.php?m=joborders&a=show’ via the ‘jobOrderID’ parameter, and in ‘/index.php?m=companies&a=show’ via the ‘companyID’ parameter.

CNA Affected

[
  {
    "product": "CandidATS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "3.0.0 Beta (Pilava Beta)"
      }
    ]
  }
]
