PT-2026-22955 · Niteosoft+1 · Simple Job Script
Published: 2026-03-04 · Updated: 2026-03-04
CVE-2019-25500
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Simple Job Script (affected versions not specified)
Description
An SQL injection flaw allows unauthenticated attackers to manipulate database queries. By sending POST requests to the 'register-recruiters' endpoint, attackers can inject SQL code via the employerid parameter, using time-based payloads to extract sensitive data or modify database contents. Time-based SQL injection is a technique in which the attacker infers whether an injected condition is true or false from whether the database pauses its execution for a specified duration.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Avoid using the employerid parameter in the 'register-recruiters' endpoint until the issue is resolved.
Exploit
SQL injection
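Until a fix is available, requests to the affected endpoint can be reviewed in logs. The following is an added example, not code from the advisory or from Simple Job Script: it flags POST requests to 'register-recruiters' whose employerid is not a plain integer or whose response was unusually slow. The integer format of employerid, the 3-second threshold, the log record layout and the sample records are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "register-recruiters"   # endpoint named in the advisory
PARAM = "employerid"               # parameter named in the advisory
# Assumption: a legitimate employerid is a short decimal integer.
NUMERIC_ID = re.compile(r"\A[0-9]{1,10}\Z")
SLOW_SECONDS = 3.0                 # assumption: normal responses finish well under this


def review_request(method, url, body, elapsed_seconds):
    """Return a list of findings for one logged request (empty list = nothing to report)."""
    path = urlsplit(url).path
    if method.upper() != "POST" or ENDPOINT not in path:
        return []
    findings = []
    # keep_blank_values so an empty employerid is inspected rather than silently dropped;
    # parse_qs returns every occurrence, so repeated parameters are all checked.
    values = parse_qs(body, keep_blank_values=True).get(PARAM, [])
    if any(not NUMERIC_ID.match(v) for v in values):
        findings.append("employerid is not a plain integer")
    # Time-based injection shows up as a delayed response, so latency is a second signal.
    if values and elapsed_seconds >= SLOW_SECONDS:
        findings.append("slow response on a request carrying employerid")
    return findings


# Constructed sample records: (method, url, urlencoded body, response time in seconds)
SAMPLE_LOG = [
    ("POST", "/register-recruiters", "employerid=42&company=Acme", 0.12),
    ("POST", "/register-recruiters", "employerid=42%27+constructed+tail", 5.04),
    ("POST", "/register-recruiters", "company=Acme", 0.10),
    ("GET", "/jobs", "", 0.05),
]


def scan(log):
    """Return only the records that produced findings, paired with those findings."""
    return [(rec, f) for rec in log if (f := review_request(*rec))]


if __name__ == "__main__":
    for rec, findings in scan(SAMPLE_LOG):
        print(rec[1], rec[2], "->", "; ".join(findings))
```

The same allowlist check can be placed in front of the application to reject non-conforming requests instead of only reporting them.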
Weakness Enumeration
Related Identifiers
Affected Products
Simple Job Script