| |
Vulnerability CVE-2022-25228
Published: 2022-08-18
| Description: |
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter |
References: |
https://candidats.net/forums/
https://fluidattacks.com/advisories/jackson/
|
|
|
closedb();
?>
Copyright 2026, cxsecurity.com
|
|
|