CVE-2025-51683
Published: 01 December 2025
Description
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint.
Mitigating Controls (NIST 800-53 r5)
Requires validation of POST request inputs to the /Default.aspx/update_profile_Server endpoint to block SQL injection payloads.
Mandates timely remediation of the blind SQLi flaw in mJobtime v15.7.2 through patching or code correction.
Enforces authentication requirements for access to the vulnerable endpoint, blocking unauthenticated remote attackers.
Security Summary
CVE-2025-51683 is a blind SQL injection (SQLi) vulnerability in mJobtime version 15.7.2, a time management software accessible via mjobtime.com. Published on 2025-12-01, the flaw resides in the /Default.aspx/update_profile_Server endpoint, where unauthenticated attackers can execute arbitrary SQL statements through a crafted POST request. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-89.
Remote unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction or privileges required. By sending a specially crafted POST request, they can inject and execute arbitrary SQL statements, potentially compromising the confidentiality, integrity, and availability of the database with high impact.
Advisories such as the one from InfoGuard Labs (covering CVE-2025-51682 and CVE-2025-51683) describe the SQLi in this time management software, including paths to potential RCE. Practitioners should consult these references and the vendor site at mjobtime.com for mitigation details, patch availability, or workarounds.
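A log triage sketch for the endpoint named above, added here as an example and not taken from the vendor or the InfoGuard Labs advisory. It assumes IIS W3C extended logs that include the cs-method, cs-uri-stem, cs-username and c-ip fields; the sample lines and the threshold of 3 are constructed values.

```python
from collections import Counter

# Endpoint named in the CVE description, lower-cased for comparison.
ENDPOINT = "/default.aspx/update_profile_server"

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status time-taken
2025-12-02 10:00:01 POST /Default.aspx/update_profile_Server - 203.0.113.7 200 5012
2025-12-02 10:00:07 POST /Default.aspx/update_profile_Server - 203.0.113.7 200 5020
2025-12-02 10:00:13 POST /Default.aspx/update_profile_Server - 203.0.113.7 500 31
2025-12-02 10:01:00 POST /Default.aspx/update_profile_Server jdoe 198.51.100.4 200 40
2025-12-02 10:01:05 GET /Default.aspx - 198.51.100.9 200 12
2025-12-02 10:02:00 POST /default.aspx/UPDATE_PROFILE_SERVER - 192.0.2.55 200 38
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def unauthenticated_posts(text):
    """Count POSTs to ENDPOINT that carry no IIS-level user, per client IP."""
    hits = Counter()
    for rec in parse_w3c(text):
        if (rec.get("cs-method") == "POST"
                and rec.get("cs-uri-stem", "").lower() == ENDPOINT
                and rec.get("cs-username", "-") == "-"):
            hits[rec.get("c-ip", "unknown")] += 1
    return hits

def flag_clients(text, threshold=3):
    """Return client IPs at or above threshold (constructed default).
    Blind SQLi extracts data over many requests, so volume is the signal."""
    counts = unauthenticated_posts(text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in unauthenticated_posts(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} unauthenticated POSTs to {ENDPOINT}")
    print("flagged:", flag_clients(SAMPLE_LOG))
```

cs-username is only populated when IIS itself authenticates the request; where the application manages its own sessions every request logs "-", so treat the per-client count as a triage signal rather than proof of unauthenticated access.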
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes an unauthenticated blind SQLi in a public-facing web endpoint (/Default.aspx), enabling arbitrary SQL execution for DB access (T1190, T1213.006).