CVE-2025-51683
Published 2025-12-01. CVE-2025-51683: A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request…
Priority: P1 (82) · Critical · CVSS 3.1: 9.8
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.42% (34.0th percentile)
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mjobtime | mjobtime | — | — |
Detection & IOCs (extracted from sources)
- Hunt IIS web server logs for repeated POST requests to /Default.aspx/update_profile_Server from unauthenticated sources; many entries from one client in rapid succession are characteristic of blind SQLi enumeration, since each request leaks at most one true/false answer.
- Alert on child processes (cmd.exe, ping.exe, wget, curl) spawned by sqlservr.exe: commands run through xp_cmdshell appear in the process tree with sqlservr.exe as the parent process.
- Treat any DNS/ICMP/HTTP callback from the MSSQL server host to oastify.com (Interactsh/OAST infrastructure) as a strong indicator that an attacker has confirmed exploitation out of band following SQLi.
- Monitor for wget and curl invocations originating from sqlservr.exe that target external resources; these were observed in two of the three Huntress incidents as post-exploitation download attempts.
- In two of the three observed incidents the web server and MSSQL server were co-located on the same endpoint, but in one incident they were on separate hosts; detection and isolation strategies must account for both deployment topologies (the web logs and the sqlservr.exe process telemetry may come from different machines).
- No vendor patch has been confirmed publicly available as of the time of reporting; organizations should contact the vendor directly and consider disabling or isolating the application until remediation is provided.
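As an added example (not code from this page, from Huntress, or from the vendor), the following Python runs the first three hunts above over constructed data: it parses IIS W3C log lines and flags a client that sends a burst of unauthenticated POSTs to /Default.aspx/update_profile_Server, walks a process snapshot for cmd.exe/ping.exe/curl/wget descendants of sqlservr.exe (so an xp_cmdshell -> cmd.exe -> ping.exe chain is caught, not just the direct child), and pulls oastify.com callback hosts out of command lines. The burst threshold (10 POSTs in 60 seconds), the default IIS #Fields layout, and the inclusion of powershell.exe and interact.sh in the watch lists are assumptions; the log lines and process list are constructed, not real telemetry.

```python
"""Hunt logic for the detection bullets above (added example, not from the
original page, Huntress, or the vendor). All sample data below is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoint named in the advisory; ASP.NET matches paths case-insensitively,
# so compare the logged cs-uri-stem lowercased.
TARGET_STEM = "/default.aspx/update_profile_server"
# Children flagged in the Huntress incidents; powershell.exe is an added assumption.
SUSPICIOUS_CHILDREN = {"cmd.exe", "ping.exe", "wget.exe", "curl.exe", "powershell.exe"}
# oastify.com is from the page; interact.sh is an added assumption.
OAST_RE = re.compile(r"\b(?:[\w-]+\.)+(?:oastify\.com|interact\.sh)\b", re.IGNORECASE)


def parse_iis_log(text):
    """Parse IIS W3C extended log text into dicts keyed by the #Fields names."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header defines the column order
        elif line.startswith("#") or not line.strip() or fields is None:
            continue                           # other directives, blank lines
        else:
            values = line.split()
            if len(values) == len(fields):     # skip lines with a space inside a field
                records.append(dict(zip(fields, values)))
    return records


def find_sqli_bursts(records, window_seconds=60, threshold=10):
    """Map client IP -> most unauthenticated POSTs to TARGET_STEM seen in any
    sliding window of window_seconds, for clients at or above threshold."""
    times = defaultdict(list)
    for r in records:
        if (r["cs-method"] == "POST" and r["cs-uri-stem"].lower() == TARGET_STEM
                and r["cs-username"] == "-"):   # '-' means anonymous request
            times[r["c-ip"]].append(
                datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S"))
    hits = {}
    for ip, ts in times.items():
        ts.sort()
        start, best = 0, 0
        for end, t in enumerate(ts):
            while t - ts[start] > timedelta(seconds=window_seconds):
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[ip] = best
    return hits


def sqlservr_descendants(processes):
    """Return (pid, image) for suspicious processes with sqlservr.exe anywhere in
    their ancestry, so xp_cmdshell -> cmd.exe -> ping.exe chains are caught too."""
    by_pid = {p["pid"]: p for p in processes}
    alerts = []
    for p in processes:
        if p["image"].lower() not in SUSPICIOUS_CHILDREN:
            continue
        seen, cur = set(), by_pid.get(p["ppid"])
        while cur is not None and cur["pid"] not in seen:  # guard against pid-reuse loops
            seen.add(cur["pid"])
            if cur["image"].lower() == "sqlservr.exe":
                alerts.append((p["pid"], p["image"]))
                break
            cur = by_pid.get(cur["ppid"])
    return alerts


def oast_hosts(text):
    """Extract OAST callback hostnames from a command line or DNS query entry."""
    return [m.lower() for m in OAST_RE.findall(text)]


# ---- Constructed sample data (not real traffic or telemetry) ----
_HEADER = ("#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
           "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken")
# 12 anonymous POSTs in 12 seconds; alternating time-taken mimics time-based blind SQLi.
_BURST = "\n".join(
    f"2025-11-20 10:00:{i:02d} 10.0.0.5 POST /Default.aspx/update_profile_Server - 443 - "
    f"203.0.113.7 python-requests/2.31 - 200 0 0 {5000 if i % 2 else 40}"
    for i in range(12))
SAMPLE_IIS_LOG = f"""#Software: Microsoft Internet Information Services 10.0
{_HEADER}
2025-11-20 09:59:58 10.0.0.5 GET /Default.aspx - 443 - 198.51.100.9 Mozilla/5.0 - 200 0 0 120
2025-11-20 09:59:59 10.0.0.5 POST /Default.aspx/update_profile_Server - 443 jdoe 198.51.100.9 Mozilla/5.0 - 200 0 0 60
{_BURST}
"""
SAMPLE_PROCESSES = [
    {"pid": 600, "ppid": 4, "image": "services.exe", "cmdline": "services.exe"},
    {"pid": 1200, "ppid": 600, "image": "sqlservr.exe", "cmdline": "sqlservr.exe -sMSSQLSERVER"},
    {"pid": 3300, "ppid": 1200, "image": "cmd.exe", "cmdline": 'cmd.exe /c "ping -n 1 abcd1234.oastify.com"'},
    {"pid": 3310, "ppid": 3300, "image": "ping.exe", "cmdline": "ping -n 1 abcd1234.oastify.com"},
    {"pid": 2100, "ppid": 600, "image": "w3wp.exe", "cmdline": "w3wp.exe -ap DefaultAppPool"},
    {"pid": 2110, "ppid": 2100, "image": "conhost.exe", "cmdline": "conhost.exe"},
]

if __name__ == "__main__":
    print("SQLi bursts:", find_sqli_bursts(parse_iis_log(SAMPLE_IIS_LOG)))
    print("sqlservr.exe descendants:", sqlservr_descendants(SAMPLE_PROCESSES))
    for p in SAMPLE_PROCESSES:
        for host in oast_hosts(p["cmdline"]):
            print(f"OAST callback in pid {p['pid']}: {host}")
```

The authenticated POST from jdoe is deliberately ignored so that normal profile updates do not trip the burst rule; in a deployment where the application itself sends anonymous POSTs to this page method, tune the threshold on a baseline before alerting. When the web server and the SQL host are separate machines, feed the IIS log from the former and the process snapshot from the latter; the two checks are independent on purpose.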
CVSS provenance
NVD (v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 9.8 CRITICAL
GHSA
GHSA-gp72-w5fg-q33m (unreviewed, 2025-12-01): CVE-2025-51683 [CRITICAL], CWE-89
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.
VulnCheck
VulnCheck · 2025 · CVSS 9.8
CVE-2025-51683 [CRITICAL]: mjobtime mjobtime, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.
Affected: mjobtime mjobtime
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.huntress.com/blog/hacked-construction-apps-bringing-down-jobsite-security
No detection rules found.
No public exploits indexed.
Huntress
How Hacked Construction Apps Are Bringing Down Jobsite Security
Huntress blog · 2026-01-21
One of the first steps in basic IT and security hygiene is maintaining an accurate inventory of all assets, including physical and virtual systems as well as applications. Once you know what you have, you can begin protecting it through attack surface reduction. However, identifying all installed applications can be difficult, since installing a necessary or business-critical application may also silently install additional software alongside it.
This was the case in the fall of 2024 with the FOUNDATION accounting software. The Huntress SOC team flagged a number of incidents where commands were being run via the installed MSSQL instance (i.e., sqlservr.exe), and in those incidents, the customer had installed the FOUNDATION accounting software, which relies on the MSSQL instance for its