CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-22206: Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla

Description

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.

Classification

CVE ID: CVE-2025-22206

Affected Products

Vendor: joomsky.com

Product: JS Jobs component for Joomla

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.83% (scored less or equal to compared to others)

EPSS Date: 2025-03-05 (when was this score calculated)

References

https://joomsky.com/js-jobs-joomla/

Timeline

2025-02-05 01:21:18 UTC
CVE

Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.2 for Joomla