Every CVE whose affected-product data names Auieo Candidats, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-42744 — CVSS 9.8 (critical): CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the…
CVE-2020-9341 — CVSS 8.8 (high): CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI.
CVE-2022-42750 — CVSS 8.8 (high): CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does…
CVE-2022-42751 — CVSS 8.8 (high): CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application…
CVE-2022-25228 — CVSS 6.5 (medium): CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID'…
CVE-2022-42747 — CVSS 6.1 (medium): CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is…
CVE-2022-42748 — CVSS 6.1 (medium): CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users…
CVE-2022-42749 — CVSS 6.1 (medium): CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is…
CVE-2022-42746 — CVSS 6.1 (medium): CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This…