Auieo - CVE CyberSecurity Database News

Nov 3, 2022 SQL Auieo Candidats

"CVE-2022-42744: Unrestricted CRUD Operations in CandidATS 3.. Leads to Database Compromise"

Overview: CandidATS version 3.. has a security vulnerability that allows external attackers to perform Create, Read, Update, and Delete (CRUD) operations on application databases. The

Nov 3, 2022 XSS Exploit SQL Auieo Candidats

CVE-2022-42748: Cross-Site Scripting Vulnerability in CandidATS 3..'s 'sortDirection' Parameter in 'ajax.php'

A recent vulnerability, identified as CVE-2022-42748, found in CandidATS version 3.. on the 'sortDirection' parameter of the 'ajax.php' resource, allows

Nov 3, 2022 XSS PHP Auieo Candidats

CVE-2022-42747: Unauthenticated XSS Vulnerability in CandidATS 3.. through 'sortBy' of the 'ajax.php' Resource

A critical security vulnerability has been identified in CandidATS version 3... This vulnerability (CVE-2022-42747) allows an unauthenticated external attacker to steal the cookie of arbitrary

Nov 3, 2022 XXE Exploit PHP Auieo Candidats

CVE-2022-42745 Exploiting XXE in CandidATS 3.. to Read Arbitrary Files

CandidATS, an open source Applicant Tracking System, is widely used by organizations to manage the recruitment process. Recently, a security vulnerability, CVE-2022-42745, has been discovered

CVE-2022-42751: Critical Privilege Escalation in CandidATS (v3..) Leveraging CSRF Vulnerabilities - Exploit Details, PoC, and Remediation

Nov 3, 2022 CSRF Exploit Auieo Candidats

CVE-2022-42751: Critical Privilege Escalation in CandidATS (v3..) Leveraging CSRF Vulnerabilities - Exploit Details, PoC, and Remediation

CandidATS, a popular open-source Applicant Tracking System (ATS) is reportedly affected by a high-impact Critical Privilege Escalation vulnerability (CVE-2022-42751) found in version 3... The vulnerability