Vulnerability CVE-2022-25228


Published: 2022-08-18

Description:
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter

 References:
https://candidats.net/forums/
https://fluidattacks.com/advisories/jackson/

Copyright 2026, cxsecurity.com

 

Back to Top