CVE-2025-51683
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk30th percentile - higher than 30% of all known CVEs
Summary
A blind SQL injection vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.
Risk Assessment
An attacker can read, modify, or delete database records, compromising the confidentiality and integrity of organizational data.
Recommendation
Immediately update mJobtime to the latest patched version and enforce parameterized SQL queries in the application.
Original NVD description (English source)
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .

