Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25501 | 2 Niteosoft, Simplejobscript | 2 Simple Job Script, Simplejobscript | 2026-03-05 | 8.2 High |
| Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authentication, or modify database contents. | ||||
| CVE-2019-25502 | 2 Niteosoft, Simplejobscript | 2 Simple Job Script, Simplejobscript | 2026-03-05 | 6.1 Medium |
| Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions. | ||||
| CVE-2020-8645 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php. | ||||
| CVE-2020-8440 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 9.8 Critical |
| controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. | ||||
| CVE-2020-7229 | 1 Simplejobscript | 1 Simplejobscript | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php. | ||||
Page 1 of 1.