CVE-2009-4599

JS Jobs (com_jsjobs) 1.0.5.6 - SQL Injection via md or oi Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4599. PoCs published by d0lc3, kaMtiEz.

Description

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.

Exploits (2)

exploitdb WORKING POC
by d0lc3 · text · webapps · php
https://www.exploit-db.com/exploits/12822

This exploit demonstrates a SQL injection vulnerability in Joomla's com_jsjobs component, specifically in the administrator panel. The vulnerability arises from improper handling of the 'cid' parameter in the GET request, allowing an attacker to extract sensitive information such as usernames, passwords, and emails from the database.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Joomla com_jsjobs component version 1.0.5.8
No auth needed
Prerequisites: Access to the Joomla administrator panel URL · Joomla com_jsjobs component version 1.0.5.8 installed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by kaMtiEz · text · webapps · php
https://www.exploit-db.com/exploits/10366

This exploit demonstrates SQL injection vulnerabilities in the Joomla component com_jsjobs (version 1.0.5.6). It provides specific URLs and payloads to extract user credentials and database version information.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Joomla com_jsjobs component 1.0.5.6
No auth needed
Prerequisites: Access to the vulnerable Joomla component
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/10366
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/54663
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/37281

Scores

EPSS: 0.0201
EPSS Percentile: 78.3%

Details

CWE: CWE-89
Status: published
Products (1): joomshark/com_jsjobs 1.0.5.6
Published: Jan 12, 2010
Tracked Since: Feb 18, 2026