exploitDog

CVE-2022-42744

Опубликовано: 03 нояб. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.

Ссылки

https://candidats.net/
Product
https://fluidattacks.com/advisories/mohawke/
Exploit
Third Party Advisory
https://candidats.net/
Product
https://fluidattacks.com/advisories/mohawke/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:*

EPSS

Процентиль: 76%

0.00943

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-942w-mcgr-2rjq

CVSS3: 9.8

github

больше 3 лет назад

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.

EPSS

Процентиль: 76%

0.00943

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89