Design/Logic Flaw

2022-11-0320:15:00

PRIOn knowledge base

www.prio-n.com

candidats

sqli attack

databases

crud operations

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

JSON

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.

CPENameOperatorVersion
candidatseq3.0.0

CPE	Name	Operator	Version
	candidats	eq	3.0.0

References

candidats.net/

fluidattacks.com/advisories/mohawke/