Zeeways Jobsite CMS SQL Injection Vulnerability (CVE-2019-25636)
Zeeways Jobsite CMS is vulnerable to SQL injection, allowing unauthenticated attackers to inject SQL code through the 'id' GET parameter in crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php to extract sensitive database information.
Zeeways Jobsite CMS is vulnerable to SQL injection (CVE-2019-25636). This vulnerability allows unauthenticated attackers to inject arbitrary SQL code into database queries via the ‘id’ GET parameter. The vulnerability affects the news_details.php, jobs_details.php, and job_cmp_details.php files. By sending crafted HTTP requests with malicious ‘id’ parameter values, attackers can manipulate database queries using techniques like GROUP BY and CASE statements. The initial report was published…
Detection coverage 2
Zeeways Jobsite CMS SQL Injection Attempt
highDetects potential SQL injection attempts targeting Zeeways Jobsite CMS via the 'id' parameter
Zeeways Jobsite CMS SQL Injection - Exploit DB Pattern
highDetects potential SQL injection attempts leveraging exploit DB patterns targeting Zeeways Jobsite CMS via the 'id' parameter
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1
3
url