Medium severity6.5NVD Advisory· Published Aug 18, 2022· Updated Jun 17, 2026
CVE-2022-25228
CVE-2022-25228
Description
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CandidATS/CandidATSdescription
Patches
Vulnerability mechanics
References
2- fluidattacks.com/advisories/jackson/nvdExploitThird Party Advisory
- candidats.net/forums/nvdProductVendor Advisory
News mentions
0No linked articles in our index yet.