CVE-2022-42744
CVE-2022-42744
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
03 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · CandidATS