CVE-2019-25740
published 2026-06-04
CVE-2019-25740: Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield…
Priority P3 · 43 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.33% (24.5th percentile)
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomsky | js_jobs | — | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd · v4.0 · 7.1 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
VulDB
Joomsky JS Jobs 1.2.6 field_2 path traversal (Exploit 47281)
vuldb·2026-06-04·CVSS 7.1
CVE-2019-25740 [HIGH] Joomsky JS Jobs 1.2.6 field_2 path traversal (Exploit 47281)
A vulnerability was found in Joomsky JS Jobs 1.2.6. It has been declared as critical. This affects an unknown function. Executing a manipulation of the argument field_2 can lead to path traversal.
This vulnerability is tracked as CVE-2019-25740. The attack can be launched remotely. Moreover, an exploit is present.
GHSA
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters.
ghsa_unreviewed·2026-06-04
CVE-2019-25740 [HIGH] CWE-22 Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters.
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-04