AdamWallwork

11 exploits Active since Feb 2025
CVE-2025-49484 GITHUB HIGH WORKING POC
JS Jobs component for Joomla 1.0.0-1.4.1 - Authenticated SQL Injection via 'cvid' Parameter
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
CVE-2025-22206 GITHUB MEDIUM WORKING POC
JS Jobs 1.1.5-1.4.2 - Authenticated SQL Injection via GDPR Field Parameter
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.
CVSS 4.7
CVE-2025-22208 WRITEUP MEDIUM WORKING POC
JS Jobs <1.1.5-1.4.3 - SQL Injection
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.
CVSS 4.7
CVE-2025-22209 WRITEUP MEDIUM WORKING POC
JS Jobs <1.1.5-1.4.3 - SQL Injection
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.
CVSS 4.7
CVE-2025-22210 WRITEUP HIGH WORKING POC
Hikashop 3.3.0-5.1.4 - Authenticated SQL Injection in Category Management
A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend.
CVSS 7.2
CVE-2025-22211 WRITEUP LOW WORKING POC
JoomShopping <1.4.3 - SQL Injection
A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend.
CVSS 3.4
CVE-2025-22212 WRITEUP LOW WORKING POC
Convert Forms <4.4.9 - SQL Injection
A SQL injection vulnerability in the Convert Forms component versions 1.0.0-1.0.0 - 4.4.9 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the submission management area in backend.
CVSS 2.7
CVE-2025-25225 WRITEUP MEDIUM WORKING POC
Hikashop <5.1.3 - Privilege Escalation
A privilege escalation vulnerability in the Hikashop component versions 1.0.0-5.1.3 for Joomla allows authenticated attackers (administrator) to escalate their privileges to Super Admin Permissions.
CVSS 6.5
CVE-2025-25228 WRITEUP LOW WORKING POC
VirtueMart 1.0.0-4.4.7 - SQL Injection
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.
CVSS 3.8
CVE-2025-54475 WRITEUP HIGH WORKING POC
JS Jobs component for Joomla 1.3.2-1.4.4 - Authenticated SQL Injection
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands.
CVE-2025-55757 WRITEUP MEDIUM WORKING POC
VirtueMart component for Joomla 1.0.0-4.4.10 - Unauthenticated Reflected Cross-Site Scripting
A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.
CVSS 6.1