CVE-2025-54475 HIGH

CVE-2025-54475: Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla

Vendor Joomsky.com
Product JS Jobs component for Joomla
Weakness CWE-89 · SQLi
Published August 15, 2025
Last update August 15, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.

Explanation of Vulnerability in Simple Terms

02Summary

The JS Jobs component for Joomla contains a SQL injection vulnerability in versions 1.3.2 through 1.4.4. An attacker with low-level user privileges can inject malicious SQL commands to read, modify, or delete database records. The vulnerability requires network access and low authentication but no user interaction. Sites running affected versions should update immediately.

What an attacker can do

03Attacker Capabilities

Read, modify, or delete database records by injecting SQL commands through the component.

Potential impact on your site

04Site Impact

Attackers with user accounts can compromise your database, steal sensitive data, or corrupt site content.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account on the Joomla site; network access required.

Key dates

06Disclosure timeline

August 15, 2025 CVE published
August 15, 2025 Record updated

Related vulnerabilities

08Related CVE