CVE-2022-42751

Name of the Vulnerable Software and Affected Versions CandidATS version 3.0.0

Description The issue allows an external attacker to elevate privileges in the application due to a Cross-Site Request Forgery (CSRF) weakness. This enables the attacker to persuade an administrator into creating a new account with administrative permissions.

Recommendations For CandidATS version 3.0.0, consider implementing CSRF protection mechanisms to prevent attackers from manipulating administrators into creating accounts with elevated privileges. As a temporary workaround, restrict access to account creation features to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.