PT-2020-19480 · Simplejobscript.Com · Sjs

Gwen001 · Published 2020-01-21 · Updated 2024-02-14 · CVE-2020-7229

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Simplejobscript.com SJS versions prior to 1.65

Description

An issue was discovered in Simplejobscript.com SJS. There is unauthenticated SQL injection via the search engine, specifically through the landing location parameter in the countSearchedJobs() function, located in the lib/class.Job.php file.

Recommendations

For versions prior to 1.65, update to version 1.65 or later to resolve the issue. As a temporary workaround, consider restricting access to the search engine or disabling the countSearchedJobs() function until a patch is available. Avoid using the landing location parameter in the affected search engine endpoint until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-7229

Affected Products

Sjs