Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
SQL Injection in Simple Job Script Exposes Employer Data
CVE-2019-25500
Summary
The Simple Job Script has a weakness that allows hackers to access sensitive data or make unauthorized changes to the database by manipulating database queries. This can happen when an attacker sends a specific type of request to the register-recruiters endpoint. To protect your data, update the Simple Job Script to fix this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| simplejobscript | simplejobscript | <= 1.66 | – |
Original title
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can ...
Original description
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
- https://www.exploit-db.com/exploits/46612 Exploit VDB Entry
- https://www.vulncheck.com/advisories/simple-job-script-sql-injection-via-registe... Third Party Advisory
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026