CVE-2022-25228

Posted on by admin

CVE-2022-25228

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in ‘/index.php?m=settings&a=show’ via the ‘userID’ parameter, in ‘/index.php?m=candidates&a=show’ via the ‘candidateID’, in ‘/index.php?m=joborders&a=show’ via the ‘jobOrderID’ and ‘/index.php?m=companies&a=show’ via the ‘companyID’ parameter

Source: CVE-2022-25228

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다