Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Simple Job Script: Attackers can access or delete data by sending malicious requests
CVE-2019-25501
Summary
An attacker can send a malicious request to the Simple Job Script, potentially allowing them to access or delete sensitive data. This is a serious issue, as it could compromise the security of your data. To protect your data, update the Simple Job Script to prevent attackers from injecting malicious SQL code.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| simplejobscript | simplejobscript | <= 1.66 | – |
Original title
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST ...
Original description
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authentication, or modify database contents.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
- https://www.exploit-db.com/exploits/46612 Exploit VDB Entry
- https://www.vulncheck.com/advisories/simple-job-script-sql-injection-via-delete-... Broken Link
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026