First published: Tue Feb 04 2025
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers with administrator privileges to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.
Credit: security@joomla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Joomsky JS Jobs | >=1.1.5, <=1.4.2 | |
CVE-2025-22206 has been classified as a critical vulnerability due to its potential for SQL injection and arbitrary command execution.
CVE-2025-22206 affects authenticated administrators using the JS Jobs plugin versions 1.1.5 to 1.4.2 for Joomla.
To fix CVE-2025-22206, upgrade the JS Jobs plugin to the latest version that addresses this vulnerability.
In the context of CVE-2025-22206, SQL injection allows an attacker to manipulate SQL queries through the 'fieldfor' parameter, potentially gaining unauthorized database access.
No, CVE-2025-22206 requires authenticated access, meaning it can only be exploited by users with administrator privileges.