CVE-2019-25740

MEDIUM

Joomla com_jsjobs 1.2.6 Arbitrary File Deletion

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25740. PoCs published by qw3rTyTy.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file deletion vulnerability in Joomla! component com_jsjobs 1.2.6. The vulnerability arises due to insufficient validation in the `storeJob` function, allowing an attacker to delete arbitrary files by manipulating the `ufield926_1` and `ufield926_2` parameters.

Description

Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.

Exploits (1)

exploitdb WORKING POC
by qw3rTyTy · text · webapps · php
https://www.exploit-db.com/exploits/47281

Classification: Working PoC 100%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Joomla! component com_jsjobs 1.2.6
Auth required
Prerequisites: Valid session ID · Custom userfield of type 'file' configured by an administrator
devstral-2 · analyzed Jun 04, 2026

References (4)

Core References (4)
Exploit: ExploitDB-47281
https://www.exploit-db.com/exploits/47281
Product: Official Product Homepage
https://www.joomsky.com/
Product: Product Reference
https://www.joomsky.com/5/download/1
Third Party Advisory: VulnCheck Advisory: Joomla com_jsjobs 1.2.6 Arbitrary File Deletion
https://www.vulncheck.com/advisories/joomla-com-jsjobs-arbitrary-file-deletion

Scores

CVSS v3 6.5
EPSS 0.0033
EPSS Percentile 24.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-22
Status published
Products (1)
Joomsky/JS Jobs 1.2.6
Published Jun 04, 2026
Tracked Since Jun 04, 2026