Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25501 | 1 Simplejobscript | 1 Simplejobscript | 2026-03-05 | N/A | 8.2 HIGH |
|
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authentication, or modify database contents.
|
|||||
| CVE-2019-25502 | 1 Simplejobscript | 1 Simplejobscript | 2026-03-05 | N/A | 6.1 MEDIUM |
|
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
|
|||||
| CVE-2020-8645 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php.
|
|||||
| CVE-2020-8440 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.
|
|||||
| CVE-2020-7229 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php.
|
|||||