Description
Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information.
Published: 2026-03-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated remote SQL injection enabling data exfiltration
Action: Patch Immediately
AI Analysis

Impact

Zeeways Jobsite CMS allows attackers to inject arbitrary SQL code through the 'id' parameter in several front‑end pages. By sending crafted GET requests that include SQL clauses such as GROUP BY and CASE statements, an attacker can manipulate database queries to read sensitive information from the backend. This vulnerability can expose confidential data, potentially compromising the entire application’s data integrity and confidentiality.

Affected Systems

All versions of the Zeeways Jobsite CMS are potentially vulnerable, as no specific version constraints are listed. The issue affects the pages news_details.php, jobs_details.php, and job_cmp_details.php across the CMS installation.

Risk and Exploitability

The CVSS score of 8.8 classifies this flaw as High severity. EPSS data is not available, and the vulnerability is not in the KEV catalog, suggesting no known large‑scale exploitation yet. The likely attack vector is via HTTP requests over the network, and because no authentication is required, any external user capable of directing requests to the affected URLs can exploit it.

Generated by OpenCVE AI on March 24, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Monitor network traffic for unexpected requests to news_details.php, jobs_details.php, or job_cmp_details.php.
  • Validate and sanitize all input parameters, especially 'id', on the server side.
  • If a patch or update is released by Zeeways, apply it immediately.
  • Consider temporarily blocking or restricting access to the affected pages until a fix is available.

Generated by OpenCVE AI on March 24, 2026 at 12:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:zeeways:jobsite_cms:*:*:*:*:*:*:*:* cpe:2.3:a:zeeways:jobsite_cms:-:*:*:*:*:*:*:*

Wed, 15 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Zeeways jobsite Cms
CPEs cpe:2.3:a:zeeways:jobsite_cms:*:*:*:*:*:*:*:*
Vendors & Products Zeeways jobsite Cms

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Zeeways
Zeeways zeejobsite
Vendors & Products Zeeways
Zeeways zeejobsite

Tue, 24 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
Description Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information.
Title Zeeways Jobsite CMS Lastest SQL Injection via id Parameter
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Zeeways Jobsite Cms Zeejobsite
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T17:53:55.551Z

Reserved: 2026-03-24T11:03:11.186Z

Link: CVE-2019-25636

cve-icon Vulnrichment

Updated: 2026-03-24T17:53:52.671Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T12:16:04.400

Modified: 2026-04-15T16:10:09.500

Link: CVE-2019-25636

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:39:35Z

Weaknesses