What the vulnerability does
01Description
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
What the vulnerability does
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
Explanation of Vulnerability in Simple Terms
The JS Jobs component for Joomla contains a SQL injection vulnerability in versions 1.3.2 through 1.4.4. An attacker with low-level user privileges can inject malicious SQL commands to read, modify, or delete database records. The vulnerability requires network access and low authentication but no user interaction. Sites running affected versions should update immediately.
What an attacker can do
Read, modify, or delete database records by injecting SQL commands through the component.
Potential impact on your site
Attackers with user accounts can compromise your database, steal sensitive data, or corrupt site content.
Conditions required to exploit
Attacker must have a low-privilege user account on the Joomla site; network access required.
Key dates
External resources
Related vulnerabilities