Vulnerability Details CVE-2019-25498
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authentication and extract sensitive database information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.3%
CVSS Severity
CVSS v3 Score 8.2
References
Products affected by CVE-2019-25498
-
cpe:2.3:a:simplejobscript:simplejobscript:1.65
-
cpe:2.3:a:simplejobscript:simplejobscript:1.66