exploitDog

CVE-2022-42745

Опубликовано: 03 нояб. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

Ссылки

https://candidats.net/
Product
https://fluidattacks.com/advisories/jcole/
Exploit
Third Party Advisory
https://candidats.net/
Product
https://fluidattacks.com/advisories/jcole/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:auieosoftware:candidats:3.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00536

Низкий

7.5 High

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-5x8p-x36c-4gwr

CVSS3: 7.5

github

больше 3 лет назад

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

EPSS

Процентиль: 67%

0.00536

Низкий

7.5 High

CVSS3

Дефекты

CWE-611