CVE-2025-22209
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
15/02/2025
Last modified:
21/02/2025
Description
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM