CVE-2022-42745 Information

Description

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

Reference

https://fluidattacks.com/advisories/jcole/ https://candidats.net/