Simple Job Script
cpe:2.3:a:simplejobscript:simplejobscript:*:*:*:*:*:*:*
- >= 1, < 1.0.0
A SQL injection vulnerability has been identified in Simple Job Script, allowing attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Exploitation involves sending POST requests to delete_application_ajax.php with crafted payloads, which can be used to extract sensitive data, bypass authentication, or modify database contents.
Successful exploitation lets an attacker interfere with the queries the application sends to its database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
The vulnerability can be reproduced by sending a POST request to delete_application_ajax.php with a payload that injects SQL code through the app_id parameter. This injection can be crafted to, for example, extract data from the database or manipulate database contents. Other endpoints, such as get_job_applications_ajax.php and register-recruiters, are also vulnerable to SQL injection, through parameters such as job_id and employerid, respectively.
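The usual fix for this class of bug, shown as an added example that is not Simple Job Script's own code: validate the identifier as an integer and bind it to a prepared statement, so the app_id value never becomes part of the SQL text. The function names, the applications table and its columns, the use of PDO with in-memory SQLite, and PHP 8 are all assumptions made for the illustration; the same pattern applies to job_id and employerid.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a positive decimal integer, reject everything else.
function require_positive_int(mixed $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('identifier must be a positive integer');
    }
    return $id;
}

// Hypothetical replacement for the delete step: the SQL text is fixed and
// the validated value travels separately as a typed bound parameter.
function delete_application(PDO $db, mixed $rawAppId): int
{
    $appId = require_positive_int($rawAppId);
    $stmt = $db->prepare('DELETE FROM applications WHERE id = :id');
    $stmt->bindValue(':id', $appId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (schema is assumed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, job_id INTEGER)');
$db->exec('INSERT INTO applications (id, job_id) VALUES (1, 10), (2, 10), (3, 11)');

// Constructed inputs: one well-formed id, then values that are not plain integers
// (free text, a digit with trailing characters, an array-valued parameter).
foreach (['2', 'abc', '2x', ['2']] as $raw) {
    try {
        $deleted = delete_application($db, $raw);
        printf("%s -> deleted %d row(s)\n", json_encode($raw), $deleted);
    } catch (InvalidArgumentException $e) {
        printf("%s -> rejected: %s\n", json_encode($raw), $e->getMessage());
    }
}

// Only the row named by the well-formed id is gone; rejected inputs never reach the database.
$remaining = $db->query('SELECT COUNT(*) FROM applications')->fetchColumn();
printf("rows remaining: %d\n", $remaining);
```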