CVE-2019-25636 in Jobsite CMS
摘要 (英语)
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
负责
VulnCheck
预定
2026-03-24
披露
2026-03-24
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 352713 | Zeeways Jobsite CMS news_details.php SQL注入 | 89 | 概念验证 | 未定义 | CVE-2019-25636 |