CVE-2019-16125

CRITICAL

Jobberbase 2.0 - SQL Injection

Title source: llm

In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.

exploitdb WORKING POC

by Damian Ebelties · bashwebappsphp

CVSS v3 9.8

EPSS 0.0062

EPSS Percentile 70.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89

Status published

Products (1)

jobberbase/jobberbase 2.0

Published Sep 09, 2019

Tracked Since Feb 18, 2026