Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for JS Jobs component for Joomla by joomsky.com
CVE-2025-54475 (GCVE-0-2025-54475)
Vulnerability from nvd – Published: 2025-08-15 11:54 – Updated: 2025-08-15 12:57
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.3.2-1.4.4
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:12:01.916375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:57:43.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.3.2-1.4.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T11:54:42.692Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-54475"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54475",
"datePublished": "2025-08-15T11:54:42.692Z",
"dateReserved": "2025-07-23T11:16:48.711Z",
"dateUpdated": "2025-08-15T12:57:43.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49484 (GCVE-0-2025-49484)
Vulnerability from nvd – Published: 2025-07-18 09:51 – Updated: 2025-09-30 04:36
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.0.0-1.4.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49484",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T17:53:27.357877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T17:53:36.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.0.0-1.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the \u0027cvid\u0027 parameter in the employee application feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the \u0027cvid\u0027 parameter in the employee application feature."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T04:36:47.498Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-49484"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52373"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-49484",
"datePublished": "2025-07-18T09:51:44.430Z",
"dateReserved": "2025-06-05T13:21:31.503Z",
"dateUpdated": "2025-09-30T04:36:47.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22209 (GCVE-0-2025-22209)
Vulnerability from nvd – Published: 2025-02-15 08:10 – Updated: 2025-02-21 12:16
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.1.5-1.4.3
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:43:45.726825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:49:39.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.1.5-1.4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027searchpaymentstatus\u0027 parameter in the Employer Payment History search feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027searchpaymentstatus\u0027 parameter in the Employer Payment History search feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T12:16:39.292Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-22209",
"datePublished": "2025-02-15T08:10:58.539Z",
"dateReserved": "2025-01-01T04:33:02.765Z",
"dateUpdated": "2025-02-21T12:16:39.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22208 (GCVE-0-2025-22208)
Vulnerability from nvd – Published: 2025-02-15 08:10 – Updated: 2025-02-21 12:16
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.1.5-1.4.3
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:51:15.364685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:51:37.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.1.5-1.4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027filter_email\u0027 parameter in the GDPR Erase Data Request search feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027filter_email\u0027 parameter in the GDPR Erase Data Request search feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T12:16:40.762Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-22208",
"datePublished": "2025-02-15T08:10:59.715Z",
"dateReserved": "2025-01-01T04:33:02.765Z",
"dateUpdated": "2025-02-21T12:16:40.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22206 (GCVE-0-2025-22206)
Vulnerability from nvd – Published: 2025-02-04 14:20 – Updated: 2025-02-06 10:48
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.1.5-1.4.2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:56:24.851031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:57:08.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.1.5-1.4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027fieldfor\u0027 parameter in the GDPR Field feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027fieldfor\u0027 parameter in the GDPR Field feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T10:48:55.695Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://decrypt.locker/obtaining-my-first-cve/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-22206",
"datePublished": "2025-02-04T14:20:48.002Z",
"dateReserved": "2025-01-01T04:33:02.764Z",
"dateUpdated": "2025-02-06T10:48:55.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54475 (GCVE-0-2025-54475)
Vulnerability from cvelistv5 – Published: 2025-08-15 11:54 – Updated: 2025-08-15 12:57
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.3.2-1.4.4
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:12:01.916375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:57:43.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.3.2-1.4.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T11:54:42.692Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-54475"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-54475",
"datePublished": "2025-08-15T11:54:42.692Z",
"dateReserved": "2025-07-23T11:16:48.711Z",
"dateUpdated": "2025-08-15T12:57:43.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49484 (GCVE-0-2025-49484)
Vulnerability from cvelistv5 – Published: 2025-07-18 09:51 – Updated: 2025-09-30 04:36
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.0.0-1.4.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49484",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T17:53:27.357877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T17:53:36.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.0.0-1.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the \u0027cvid\u0027 parameter in the employee application feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the \u0027cvid\u0027 parameter in the employee application feature."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T04:36:47.498Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-49484"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52373"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-49484",
"datePublished": "2025-07-18T09:51:44.430Z",
"dateReserved": "2025-06-05T13:21:31.503Z",
"dateUpdated": "2025-09-30T04:36:47.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22208 (GCVE-0-2025-22208)
Vulnerability from cvelistv5 – Published: 2025-02-15 08:10 – Updated: 2025-02-21 12:16
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.1.5-1.4.3
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:51:15.364685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:51:37.026Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.1.5-1.4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027filter_email\u0027 parameter in the GDPR Erase Data Request search feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027filter_email\u0027 parameter in the GDPR Erase Data Request search feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T12:16:40.762Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22208"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-22208",
"datePublished": "2025-02-15T08:10:59.715Z",
"dateReserved": "2025-01-01T04:33:02.765Z",
"dateUpdated": "2025-02-21T12:16:40.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22209 (GCVE-0-2025-22209)
Vulnerability from cvelistv5 – Published: 2025-02-15 08:10 – Updated: 2025-02-21 12:16
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.1.5-1.4.3
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:43:45.726825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:49:39.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.1.5-1.4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027searchpaymentstatus\u0027 parameter in the Employer Payment History search feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027searchpaymentstatus\u0027 parameter in the Employer Payment History search feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T12:16:39.292Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-22209",
"datePublished": "2025-02-15T08:10:58.539Z",
"dateReserved": "2025-01-01T04:33:02.765Z",
"dateUpdated": "2025-02-21T12:16:39.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22206 (GCVE-0-2025-22206)
Vulnerability from cvelistv5 – Published: 2025-02-04 14:20 – Updated: 2025-02-06 10:48
VLAI?
Title
Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla
Summary
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.
Severity ?
4.7 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| joomsky.com | JS Jobs component for Joomla |
Affected:
1.1.5-1.4.2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:56:24.851031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:57:08.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "com_jsjobs",
"product": "JS Jobs component for Joomla",
"vendor": "joomsky.com",
"versions": [
{
"status": "affected",
"version": "1.1.5-1.4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Wallwork"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027fieldfor\u0027 parameter in the GDPR Field feature."
}
],
"value": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the \u0027fieldfor\u0027 parameter in the GDPR Field feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T10:48:55.695Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://joomsky.com/js-jobs-joomla/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://decrypt.locker/obtaining-my-first-cve/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2025-22206",
"datePublished": "2025-02-04T14:20:48.002Z",
"dateReserved": "2025-01-01T04:33:02.764Z",
"dateUpdated": "2025-02-06T10:48:55.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}