CVE-2025-22209

State: PUBLISHED · Published: 2025-02-15 · Updated: 2025-02-21 · Assigner: Joomla

Description

A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.

CWE

CWE-89 — CWE-89: Improper Neutralization of Special Elements used in an SQL Command

Affected

joomsky.com / JS Jobs component for Joomla — v=1.1.5-1.4.3 [affected]

CVSS

(none)

References

https://joomsky.com/js-jobs-joomla/ product
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-22209 third-party-advisory

Source

cvelistV5-main/cves/2025/22xxx/CVE-2025-22209.json