{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T13:32:17.465","vulnerabilities":[{"cve":{"id":"CVE-2022-42744","sourceIdentifier":"help@fluidattacks.com","published":"2022-11-03T20:15:32.270","lastModified":"2026-06-17T05:05:13.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks."},{"lang":"es","value":"CandidATS versión 3.0.0 permite que un atacante externo realice operaciones CRUD en las bases de datos de la aplicación. Esto es posible porque la aplicación no valida correctamente el parámetro entriesPerPage contra ataques SQLi."}],"affected":[{"source":"help@fluidattacks.com","affectedData":[{"vendor":"n/a","product":"CandidATS","versions":[{"version":"3.0.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"t
imestamp":"2025-05-05T13:03:54.274138Z","id":"CVE-2022-42744","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:*","matchCriteriaId":"49FA43A5-7FB5-4E3A-8530-06C2BC31B078"}]}]}],"references":[{"url":"https://candidats.net/","source":"help@fluidattacks.com","tags":["Product"]},{"url":"https://fluidattacks.com/advisories/mohawke/","source":"help@fluidattacks.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://candidats.net/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://fluidattacks.com/advisories/mohawke/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}