What the vulnerability does
01Description
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
What the vulnerability does
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
Explanation of Vulnerability in Simple Terms
The JS Jobs component for Joomla contains a SQL injection vulnerability in versions 1.0.0 through 1.4.1. An attacker with low-level user privileges can inject malicious SQL code through unfiltered input, potentially reading or modifying the site database. This affects any Joomla site running the vulnerable component.
What an attacker can do
Read, modify, or delete data from the site database by injecting SQL commands.
Potential impact on your site
Database contents (user data, posts, settings) can be compromised without admin knowledge.
Conditions required to exploit
Attacker must have a low-privilege user account on the Joomla site.
Key dates
External resources
Related vulnerabilities