CVE-2025-49484 HIGH

CVE-2025-49484: Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla

Vendor Joomsky.com
Product JS Jobs component for Joomla
Weakness CWE-89 · SQLi
Published July 18, 2025
Last update September 30, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.

Explanation of Vulnerability in Simple Terms

02Summary

The JS Jobs component for Joomla contains a SQL injection vulnerability in versions 1.0.0 through 1.4.1. An attacker with low-level user privileges can inject malicious SQL code through unfiltered input, potentially reading or modifying the site database. This affects any Joomla site running the vulnerable component.

What an attacker can do

03Attacker Capabilities

Read, modify, or delete data from the site database by injecting SQL commands.

Potential impact on your site

04Site Impact

Database contents (user data, posts, settings) can be compromised without admin knowledge.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account on the Joomla site.

Key dates

06Disclosure timeline

July 18, 2025 CVE published
September 30, 2025 Record updated

Related vulnerabilities

08Related CVE