CandidATS version 3.0.0 allows an external malicious user to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
auieosoftware candidats 3.0.0 |