CandidATS version 3.0.0 allows an external malicious user to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
auieo candidats 3.0.0 |