Skip to main content

Candidats

10 CVEs product

Monthly

CVE-2022-42749 MEDIUM POC This Month

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42748 MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42747 MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42746 MEDIUM POC This Month

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-42745 HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Candidats
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-42744 CRITICAL POC Act Now

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Candidats
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-42751 HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Candidats
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2022-42750 HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Candidats
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-25228 MEDIUM POC This Month

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Candidats
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-9341 HIGH POC This Week

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Candidats
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Candidats
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Candidats
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Candidats
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Candidats
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Candidats
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Candidats
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Candidats
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy