Description
CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-45814 | CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions. |
References
History
Mon, 05 May 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: Fluid Attacks
Published:
Updated: 2025-05-05T13:11:59.348Z
Reserved: 2022-10-10T00:00:00.000Z
Link: CVE-2022-42751
Updated: 2024-08-03T13:10:41.477Z
Status : Modified
Published: 2022-11-03T18:15:17.447
Modified: 2026-06-17T05:05:14.477
Link: CVE-2022-42751
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-352
Cross-Site Request Forgery (CSRF)
EUVD