CVE-2019-25740 HIGH

CVE-2019-25740: Joomla com_jsjobs 1.2.6 Arbitrary File Deletion

Vendor Joomsky

Product JS Jobs

Weakness CWE-22 · Path traversal

Published June 4, 2026

Last update June 4, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.

Key dates

Disclosure timeline

June 4, 2026 CVE published

June 4, 2026 Record updated