CVE-2019-25499

CRITICAL | WAF: High | CVSS 9.8 | Published: 2026-03-04 | CWE-89

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents.

WAF Coverage Analysis

SQL Injection: High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

Affected Software

Vendor | Product | Version
simplejobscript | simplejobscript | up to 1.66
