Security Advisory

CVE-2022-25228

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-18 19:29:36
Last updated 2024-08-03 04:36:06
Assigner Fluid Attacks
State PUBLISHED

Description

CandidATS version 3.0.0 Beta allows an authenticated user to inject SQL queries in /index.php?m=settings&a=show via the userID parameter, in /index.php?m=candidates&a=show via the candidateID parameter, in /index.php?m=joborders&a=show via the jobOrderID parameter, and in /index.php?m=companies&a=show via the companyID parameter.
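A log-review check for the four endpoints named above, added here as an example and not taken from the advisory or from CandidATS. It assumes the ID parameters are meant to be plain decimal integers and that the web server writes combined-format access logs; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Module -> ID parameter, exactly as listed in the advisory (all with a=show).
AFFECTED = {
    "settings": "userID",
    "candidates": "candidateID",
    "joborders": "jobOrderID",
    "companies": "companyID",
}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (line_no, module, param, decoded_value) for each request to an
    affected endpoint whose ID parameter is not a plain decimal integer."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/index.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        module = query.get("m", [""])[-1]
        if query.get("a", [""])[-1] != "show" or module not in AFFECTED:
            continue
        param = AFFECTED[module]
        # Check every occurrence: a duplicated parameter can hide a bad value.
        for value in query.get(param, []):
            # Assumption: legitimate IDs are 1-10 decimal digits.
            if not re.fullmatch(r"[0-9]{1,10}", value):
                findings.append((line_no, module, param, value))
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - alice [18/Aug/2022:10:00:01 +0000] "GET /index.php?m=candidates&a=show&candidateID=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - bob [18/Aug/2022:10:00:07 +0000] "GET /index.php?m=candidates&a=show&candidateID=42%27 HTTP/1.1" 500 312',
    '203.0.113.9 - bob [18/Aug/2022:10:00:09 +0000] "GET /index.php?m=companies&a=show&companyID=7abc HTTP/1.1" 200 4410',
    '203.0.113.5 - alice [18/Aug/2022:10:00:12 +0000] "GET /index.php?m=joborders&a=other&jobOrderID=abc HTTP/1.1" 200 901',
    '203.0.113.5 - alice [18/Aug/2022:10:00:15 +0000] "GET /index.php?m=settings&a=show&userID=3 HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Values sent in a POST body do not appear in access logs, so this check only covers IDs passed in the query string.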