CVE-2022-42745
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...
EUVD-2020-30162
Malware in sbrugna...
EUVD-2022-45813
Malicious code in bioql PyPI...
CVE-2022-42750
CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...
CVE-2020-9341
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings=addUser URI...
CVE-2022-42746
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...
Cross site scripting
CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...
PT-2022-26535 · Candidats · Candidats
Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0
Description: The issue allows an external attacker to read arbitrary files from the server due to the application being vulnerable to XXE.
Recommendations: For CandidATS version 3.0.0, consider restricting access to...
CVE-2022-42744
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...