CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-22209: Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla

Description

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.

Classification

CVE ID: CVE-2025-22209

Affected Products

Vendor: joomsky.com

Product: JS Jobs component for Joomla

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.0% (scored less or equal to compared to others)

EPSS Date: 2025-03-16 (when was this score calculated)

References

https://joomsky.com/js-jobs-joomla/

Timeline

2025-02-16 00:31:03 UTC
CVE

Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.3 for Joomla