CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.
References
Link | Resource |
---|---|
https://candidats.net/ | Product |
https://fluidattacks.com/advisories/mohawke/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2022-11-03T00:00:00
Updated: 2022-11-03T00:00:00
Reserved: 2022-10-10T00:00:00
Link: CVE-2022-42744
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-11-03T20:15:32.270
Modified: 2022-11-05T00:32:23.317
Link: CVE-2022-42744
JSON object: View
Redhat Information
No data.
CWE