CVE-2025-49484
Published: 2025-07-18
Priority: P2 63 · Severity: high · CVSS 4.0 base score: 8.7
EXPLOIT
EPSS: 3.08% (86.0th percentile)
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomsky.com | js_jobs_component_for_joomla | — | — |
| msrc | cbl2_kernel_5.15.182.1-1_on_cbl_mariner_2.0 | — | — |
Detection & IOCs (extracted from sources)
- command: `jobid=1&cvid=(SELECT (CASE WHEN (7270=7270) THEN 1 ELSE (SELECT 6098 UNION SELECT 7386) END))&coverletterid=4&uid=460`
- The vulnerability affects JS Jobs plugin versions 1.0.0 through 1.4.1 per NVD, but the exploit PoC was tested against v1.4.2 — verify the exact affected version range before scoping detection.
- Exploitation requires an authenticated session with at least jobseeker-level privileges; unauthenticated scanning alone is insufficient to trigger this vulnerability.
CVSS provenance
nvd · v4.0 · 8.7 HIGH · CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc · 5.5 MEDIUM
GHSA
GHSA-w694-7r6q-q7vv · ghsa_unreviewed · 2025-07-18
CVE-2025-49484 [HIGH] CWE-89
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
Microsoft (source entry references CVE-2022-49484)
vendor_msrc · 2025-02-11 · CVSS 5.5
CVE-2022-49484 [MEDIUM] CWE-476
mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Tags: Mariner, Linux
Customer Action Required: Yes
No detection rules found.
No writeups or analysis indexed.