Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Simple Job Script: SQL Injection via Malicious Job ID
CVE-2019-25499
Summary
A software called Simple Job Script has a security weakness that lets hackers inject malicious code into its database. This could allow them to access sensitive information or change database data without needing a password. Update the software to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| simplejobscript | simplejobscript | <= 1.66 | – |
Original title
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send...
Original description
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents.
nvd CVSS3.1
9.8
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
- https://www.exploit-db.com/exploits/46612 Exploit VDB Entry
- https://www.vulncheck.com/advisories/simple-job-script-sql-injection-via-get-job... Broken Link
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026