CVE Catalog

CVE-2025-51683

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

A blind SQL injection vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.

Risk Assessment

An attacker can read, modify, or delete database records, compromising the confidentiality and integrity of organizational data.

Recommendation

Immediately update mJobtime to the latest patched version and enforce parameterized SQL queries in the application.

Original NVD description (English source)

A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .

Vulnerability data from NVD (NIST) · CISA KEV · EPSS