CVE-2025-49484

HIGH

JS Jobs <1.4.1 - SQL Injection

Title source: llm

Description

A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.

Exploits (2)

exploitdb WORKING POC

by Adam Wallwork · textwebappsphp

https://www.exploit-db.com/exploits/52373

View Code ZIP pw:eip

github WORKING POC

by AdamWallwork · poc

https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-49484

View Code ZIP pw:eip

References (3)

[Various Sources] https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-49484

[Various Sources] https://joomsky.com/js-jobs-joomla/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/52373

Scores

CVSS v4 8.7

EPSS 0.0068

EPSS Percentile 71.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-89

Status published

Products (1)

joomsky.com/JS Jobs component for Joomla 1.0.0-1.4.1

Published Jul 18, 2025

Tracked Since Feb 18, 2026