← Back to CVE List

CVE-2022-25228

Published: 2022-08-18T20:15Z
Last Modified: 2024-11-21T06:51Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter > MITRE Terms of Use apply – see LICENSE‑MITRE.txt