Job Diary
Monthly
A vulnerability was determined in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A critical SQL injection vulnerability exists in code-projects Job Diary 1.0 via the ID parameter in /view-cad.php, allowing unauthenticated remote attackers to execute arbitrary SQL commands and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, and while the CVSS score is 7.3 (High), the unauthenticated attack vector and low complexity suggest active exploitation is likely. No patch has been confirmed available as of this analysis.
CVE-2025-7594 is a critical SQL injection vulnerability in code-projects Job Diary version 1.0 affecting the /view-emp.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the low attack complexity combined with network accessibility makes this a high-priority threat requiring immediate patching.
CVE-2025-7593 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-all.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive data, modify records, or disrupt application availability. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high impact across confidentiality, integrity, and availability. This represents an active threat requiring immediate patching.
CVE-2025-7533 is a SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-details.php file through the job_id parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially read, modify, or delete database contents. The vulnerability has a CVSS score of 7.3 (High) with public exploit disclosure and proof-of-concept availability, indicating active exploitation risk in the wild. This is a critical severity issue for all deployments of the affected version with direct database access implications.
CVE-2025-7474 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /search.php file's Search parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands with potential data exfiltration, modification, and application disruption. The exploit has been publicly disclosed with proof-of-concept code available, and the vulnerability meets the criteria for inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog due to active real-world exploitation.
A vulnerability was determined in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in code-projects Job Diary 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A critical SQL injection vulnerability exists in code-projects Job Diary 1.0 via the ID parameter in /view-cad.php, allowing unauthenticated remote attackers to execute arbitrary SQL commands and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, and while the CVSS score is 7.3 (High), the unauthenticated attack vector and low complexity suggest active exploitation is likely. No patch has been confirmed available as of this analysis.
CVE-2025-7594 is a critical SQL injection vulnerability in code-projects Job Diary version 1.0 affecting the /view-emp.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially extract, modify, or delete database contents. The vulnerability has been publicly disclosed with exploit code available, and the low attack complexity combined with network accessibility makes this a high-priority threat requiring immediate patching.
CVE-2025-7593 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-all.php endpoint's ID parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive data, modify records, or disrupt application availability. The vulnerability has been publicly disclosed with exploit code available, and the CVSS 7.3 score reflects moderate-to-high impact across confidentiality, integrity, and availability. This represents an active threat requiring immediate patching.
CVE-2025-7533 is a SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-details.php file through the job_id parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially read, modify, or delete database contents. The vulnerability has a CVSS score of 7.3 (High) with public exploit disclosure and proof-of-concept availability, indicating active exploitation risk in the wild. This is a critical severity issue for all deployments of the affected version with direct database access implications.
CVE-2025-7474 is a critical SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /search.php file's Search parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands with potential data exfiltration, modification, and application disruption. The exploit has been publicly disclosed with proof-of-concept code available, and the vulnerability meets the criteria for inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog due to active real-world exploitation.