← back
CVE-2025-49484

Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla

CVSS 8.7 HIGHEPSS 3.1%CWE-89
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
joomsky.com · JS Jobs component for Joomla
public PoCs found1
cve_referencewww.exploit-db.com/exploits/52373unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-49484https://joomsky.com/js-jobs-joomla/https://www.exploit-db.com/exploits/52373