Simple Job Script SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Simple Job Script, allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. This vulnerability is present in the latest version of the application. Attackers can send POST requests to get_job_applications_ajax.php with malicious job_id values to bypass authentication, extract sensitive data, or modify database contents.
Impact
Exploitation of this vulnerability allows for unauthorized database manipulation, including data extraction and modification.
Reproduction
To reproduce this vulnerability, send a POST request to the get_job_applications_ajax.php endpoint with a crafted job_id parameter that contains an SQL injection payload. The database executes the injected SQL, which allows manipulation of the database query, extraction of sensitive data, or modification of database contents.
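The advisory names no fix. One way to close this class of bug in a PHP handler that reads job_id from a POST body, shown as an added example that is not Simple Job Script's own code: the function name getJobApplications, the table job_applications and its columns are hypothetical, and the in-memory SQLite rows are constructed so the block runs offline.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names (job_applications, job_id,
// applicant_name) are hypothetical; the real schema is not on the page.

/**
 * Return the applications for one job, treating job_id strictly as data.
 * Returns null when job_id is not a positive integer.
 */
function getJobApplications(PDO $pdo, mixed $rawJobId): ?array
{
    // 1. Allow-list validation: accept only a positive integer.
    //    Strings with trailing text and array-valued parameters fail here.
    $jobId = filter_var($rawJobId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($jobId === false) {
        return null; // the caller should answer HTTP 400
    }

    // 2. Parameterized query: the value is bound, never concatenated
    //    into the SQL text, so it cannot change the query structure.
    $stmt = $pdo->prepare(
        'SELECT id, applicant_name FROM job_applications WHERE job_id = :job_id'
    );
    $stmt->bindValue(':job_id', $jobId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE job_applications
            (id INTEGER PRIMARY KEY, job_id INTEGER, applicant_name TEXT)');
$pdo->exec("INSERT INTO job_applications (job_id, applicant_name)
            VALUES (7, 'Alice'), (8, 'Bob')");

// In the real handler the value would come from $_POST['job_id'].
foreach (['7', '7 and more text', ['7']] as $input) {
    $rows = getJobApplications($pdo, $input);
    echo json_encode($input), ' => ',
        $rows === null ? 'rejected (400)' : json_encode($rows), PHP_EOL;
}
```

Because the advisory describes the endpoint as reachable without authentication, a session and authorization check before the query is the second half of the fix; input handling alone does not restrict who may list applications.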
