CVE-2022-42745

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.
References
Link Resource
https://fluidattacks.com/advisories/jcole/ Exploit Third Party Advisory
https://candidats.net/ Product
Configurations

Configuration 1

cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:*

Information

Published : 2022-11-03 08:15

Updated : 2022-11-05 12:32


NVD link : CVE-2022-42745

Mitre link : CVE-2022-42745

Products Affected
No products.
CWE
CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')