cbcvebase.
CVE-2025-51683
published 2025-12-01

CVE-2025-51683: A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request…

PriorityP182critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.42%
34.0th percentile
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint .

Affected

1 ranges
VendorProductVersion rangeFixed in
mjobtimemjobtime

Detection & IOCsextracted from sources · hover to see the quote

url/Default.aspx/update_profile_Server
commandMSSQL$MJOBTIME/15457;xp_cmdshell,0,1
  • Hunt IIS web server logs for repeated POST requests to /Default.aspx/update_profile_Server from unauthenticated sources — multiple entries in rapid succession are characteristic of blind SQLi enumeration.
  • Alert on child processes (cmd.exe, ping.exe, wget, curl) spawned by sqlservr.exe, as xp_cmdshell execution will surface as sqlservr.exe parent process in the process tree.
  • Treat any DNS/ICMP/HTTP callback from the MSSQL server host to oastify.com (Interactsh/OAST infrastructure) as a strong indicator of out-of-band exploitation confirmation following SQLi.
  • Monitor for wget and curl invocations originating from sqlservr.exe targeting external resources, observed in two of the three Huntress incidents as post-exploitation download attempts.
  • ·In two of three observed incidents the web server and MSSQL server were co-located on the same endpoint, but in one incident they were on separate hosts — detection and isolation strategies must account for both deployment topologies.
  • ·No vendor patch has been confirmed publicly available as of the time of reporting; organizations should contact the vendor directly and consider disabling or isolating the application until remediation is provided.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.