Zeeways Jobsite CMS SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Zeeways Jobsite CMS, affecting all versions. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Exploitation can be achieved by sending crafted requests to 'news_details.php', 'jobs_details.php', or 'job_cmp_details.php', using malicious 'id' values that incorporate GROUP BY and CASE statements to extract sensitive information from the database.
Impact
Exploitation of this vulnerability allows for unauthorized manipulation of database queries, potentially leading to unauthorized data access or disclosure.
Reproduction
To reproduce this vulnerability, send a request to 'news_details.php', 'jobs_details.php', or 'job_cmp_details.php' with a crafted 'id' parameter that includes an SQL injection payload. The injected SQL can use GROUP BY and CASE statements to extract database information.
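A log-review sketch for the requests described above, added here as an example and not taken from the advisory or the vendor. It assumes combined-format web access logs and that a legitimate 'id' value is always a plain integer; the log lines, addresses and keyword list are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts the advisory names as accepting the injectable 'id' GET parameter.
AFFECTED = {"news_details.php", "jobs_details.php", "job_cmp_details.php"}
# GROUP BY / CASE come from the advisory; the other tokens are an assumed list.
SQL_HINTS = re.compile(r"\b(group\s+by|case|when|select|union)\b|['\"();]|--", re.I)
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None (irrelevant or clean), 'non-numeric' or 'sql-keywords'."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1].lower() not in AFFECTED:
        return None
    verdict = None
    # parse_qs percent-decodes and maps '+' to space; keep empty values too.
    for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
        value = unquote(raw)  # second decode catches double-encoded input
        if value.isascii() and value.isdigit():
            continue
        if SQL_HINTS.search(value):
            return "sql-keywords"
        verdict = "non-numeric"
    return verdict

def findings(lines):
    """Pair each flagged log line with its verdict, preserving order."""
    return [(v, l) for l in lines if (v := classify(l)) is not None]

# Constructed sample log (documentation addresses, non-functional id values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /news_details.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /jobs_details.php?id=7+group+by+case HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /job_cmp_details.php?id=7abc HTTP/1.1" 200 640',
    '198.51.100.2 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=x%27 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for verdict, line in findings(SAMPLE_LOG):
        print(f"{verdict:13} {line}")
```

Only GET query strings appear in access logs, which matches the parameter the advisory describes; a 'non-numeric' verdict is worth reviewing even without SQL keywords.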
