CVE-2022-25228
18.08.2022, 20:15
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter
| Vendor | Product | Version |
|---|---|---|
| auieo | candidats | 3.0.0:beta |
𝑥
= Vulnerable software versions