2022-08-18 19:29:36
Fluid Attacks
PUBLISHED
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in /index.php?m=settings&a=show via the userID parameter, in /index.php?m=candidates&a=show via the candidateID parameter, in /index.php?m=joborders&a=show via the jobOrderID parameter, and in /index.php?m=companies&a=show via the companyID parameter.