1916 matches found
CVE-2019-25501
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...
CVE-2019-25504 NCrypted Jobgator Latest SQL Injection via agents Find-Jobs
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract...
CVE-2019-25503
CVE-2019-25503 affects PHPads 2.0. The vulnerability is an SQL injection in the bannerID parameter of click.php3, allowing unauthenticated attackers to craft values (e.g., SQL comments, extractvalue) to execute arbitrary queries and reveal data such as the current database name. The impact is hig...
CVE-2019-25501 Simple Job Script SQL Injection via delete_application_ajax.php
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass...
CVE-2019-25500
Simple Job Script is affected by an SQL injection in the employerid parameter of the register-recruiters endpoint. Attackers can send unauthenticated POST requests to manipulate queries, potentially exposing sensitive data (C: HIGH) and altering data (I: LOW). Affected vector is network with low ...
CVE-2019-25499
CVE-2019-25499 affects the Simple Job Script and allows unauthenticated SQL injection via the job_id parameter in get_job_applications_ajax.php. The vulnerability enables manipulation of database queries, potentially bypassing authentication and exposing or altering data. CVSS metrics indicate hi...
CVE-2019-25498 Simple Job Script SQL Injection via searched Endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticatio...
CVE-2019-25498
CVE-2019-25498 describes an SQL injection in the product “Simple Job Script” that allows unauthenticated attackers to manipulate database queries via the landing_location parameter. The vulnerability can be triggered by POST requests to the searched endpoint, potentially bypassing authentication ...
CVE-2023-7337
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...
CVE-2023-7337
The JS Help Desk – AI-Powered Support & Ticketing System WordPress plugin (v2.8.2) is vulnerable to SQL Injection via the js-support-ticket-token-tkstatus cookie. This stems from an incomplete fix for CVE-2023-50839, leaving a second sink with insufficient escaping and inadequate preparation on t...
CVE-2026-1651
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflowids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2026-3180
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the 'cgLostPasswordEmail' and the 'cglmail' parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter...
Simplejobscript SQL Injection Vulnerability
Simplejobscript is a free, open-source web development package from Niteosoft. Simplejobscript has a SQL injection vulnerability that stems from the landing_location parameter, which allows SQL injection. It may allow unverified attackers to manipulate database queries and extrac...
NCrypted Jobgator SQL Injection Vulnerability
NCrypted Jobgator is a recruitment website construction script developed by the US company NCrypted. NCrypted Jobgator has a SQL injection vulnerability, which stems from the experience parameter being susceptible to SQL injections. This vulnerability could allow unverified attackers to manipulat...
PT-2026-22869
Name of the Vulnerable Software and Affected Versions: WP-Members Membership Plugin versions up to and including 3.5.5.1. Description: The WP-Members Membership Plugin for WordPress is susceptible to SQL Injection through the order by attribute of the wpmem user membership posts shortcode. This is...
PT-2026-22953
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing location parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticati...