CVE-2022-42744

{"id": "CVE-2022-42744", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-11-03T20:15:32.270", "references": [{"url": "https://candidats.net/", "tags": ["Product"], "source": "help@fluidattacks.com"}, {"url": "https://fluidattacks.com/advisories/mohawke/", "tags": ["Exploit", "Third Party Advisory"], "source": "help@fluidattacks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks."}, {"lang": "es", "value": "CandidATS versi\u00f3n 3.0.0 permite que un atacante externo realice operaciones CRUD en las bases de datos de la aplicaci\u00f3n. Esto es posible porque la aplicaci\u00f3n no valida correctamente el par\u00e1metro entradasPerPage contra ataques SQLi."}], "lastModified": "2022-11-05T00:32:23.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49FA43A5-7FB5-4E3A-8530-06C2BC31B078"}], "operator": "OR"}]}], "sourceIdentifier": "help@fluidattacks.com"}