Vulnerabilities > Auieo

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-11-03 | CVE-2022-42744 | SQL Injection vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. | network, low complexity, auieo CWE-89, critical 9.8 |
| 2022-11-03 | CVE-2022-42746 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | network, low complexity, auieo CWE-79, 6.1 |
| 2022-11-03 | CVE-2022-42747 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | network, low complexity, auieo CWE-79, 6.1 |
| 2022-11-03 | CVE-2022-42748 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | network, low complexity, auieo CWE-79, 6.1 |
| 2022-11-03 | CVE-2022-42749 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | network, low complexity, auieo CWE-79, 6.1 |
| 2022-11-03 | CVE-2022-42750 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. | network, low complexity, auieo CWE-79, 8.8 |
| 2022-11-03 | CVE-2022-42751 | Cross-Site Request Forgery (CSRF) vulnerability in Auieo Candidats 3.0.0 | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. | network, low complexity, auieo CWE-352, 8.8 |
| 2022-08-18 | CVE-2022-25228 | SQL Injection vulnerability in Auieo Candidats 3.0.0 | CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter. | network, low complexity, auieo CWE-89, 6.5 |
| 2020-02-22 | CVE-2020-9341 | Cross-Site Request Forgery (CSRF) vulnerability in Auieo Candidats 2.1.0 | CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | network, low complexity, auieo CWE-352, 8.8 |