CVE-2009-4599
Published 2010-01-12
Priority: P343, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.01% (78.4th percentile)
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomshark | com_jsjobs | — | — |
No detection rules found.
Exploit-DB
Joomla! Component JS Jobs 1.0.5.8 - SQL Injection
exploitdb·2010-05-31
---
# Exploit Title: Joomla Component com_jsjobs SQL Injection Vulnerability
#Date: 31/05/10
#Author: http://www.joomsky.com
#Software Link: http://www.joomsky.com/index.php?option=com_rokdownloads&view=file&task=download&id=23%3Ajs-jobs&Itemid=4
#Version: 1.0.5.8
#Tested on: Linux ubuntu32 2.6.32-22-generic x64
#Summary:
In the file administrator/components/com_jsjobs/views/application/view.html.php we can find this code segment on line 53:

    if ($cur_layout == 'categories'){
        if (isset($_GET['cid'][0])) $c_id= $_GET['cid'][0]; //o0ps..possible SQL Injection }:)
        else $c_id='';
        if ($c_id == ''){
            $cids = JRequest::getVar('cid', array (0), 'post', 'array');
            $c_id= $cids[0];
        }
        ... //conditional check some values with elseifs...
    }

This
Exploit-DB
Joomla! Component com_jsjobs 1.0.5.6 - SQL Injection
exploitdb·2009-12-10
---
##########################################################################
## Joomla Component com_jsjobs Multiple SQL injection vulnerability ##
## Author : kaMtiEz ([email protected]) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : December 9, 2009 ##
##########################################################################
[ Software Information ]
[+] Vendor : http://www.joomshark.com/
[+] Download : http://www.joomsky.com/index.php?option=com_rokdownloads&view=file&task=download&id=23:js-jobs
[+] version : 1.0.5.6
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_jsjobs"
[+] LOCATION : INDONESIA - JOGJA
[+] Note : this extension have 2 categories .. free and commercial :D
[+] price : 20$
################
No writeups or analysis indexed.
References
- http://packetstormsecurity.org/0912-exploits/joomlajobs-sql.txt
- http://www.exploit-db.com/exploits/10366
- http://www.securityfocus.com/bid/37281
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54663