Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
candidats vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-25228
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders...
Auieo Candidats 3.0.0
8.8
CVSSv3
CVE-2020-9341
CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
Auieo Candidats 2.1.0
1 Github repository
9.8
CVSSv3
CVE-2022-42744
CandidATS version 3.0.0 allows an external malicious user to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.
Auieo Candidats 3.0.0
7.5
CVSSv3
CVE-2022-42745
CandidATS version 3.0.0 allows an external malicious user to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.
Auieosoftware Candidats 3.0.0
6.1
CVSSv3
CVE-2022-42746
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external malicious user to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
Auieo Candidats 3.0.0
6.1
CVSSv3
CVE-2022-42747
CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external malicious user to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
Auieo Candidats 3.0.0
6.1
CVSSv3
CVE-2022-42748
CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external malicious user to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
Auieo Candidats 3.0.0
6.1
CVSSv3
CVE-2022-42749
CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external malicious user to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
Auieo Candidats 3.0.0
8.8
CVSSv3
CVE-2022-42750
CandidATS version 3.0.0 allows an external malicious user to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.
Auieo Candidats 3.0.0
8.8
CVSSv3
CVE-2022-42751
CandidATS version 3.0.0 allows an external malicious user to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.
Auieo Candidats 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started