Joomla · Js Jobs Free · CVE-2019-17527
**Name of the Vulnerable Software and Affected Versions**
JS JOBS FREE extension for Joomla! versions prior to 1.2.7
**Description**
The issue allows SQL Injection via the `index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo` API endpoint, specifically through the `child` parameter handled in the `models/custormfields.php` file. This could lead to unauthorized access to database information.
**Recommendations**
For JS JOBS FREE extension versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo` API endpoint until the update is applied. Avoid using the `child` parameter in the affected endpoint until the issue is resolved.
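
To check whether the affected endpoint has been requested before or during the workaround, the web server's access log can be searched for it. The following is an added example, not part of the original advisory or of the extension's code: it assumes Apache/nginx Combined Log Format, and the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint values as named in the advisory.
OPTION = "com_jsjobs"
TASK = "customfields.getfieldtitlebyfieldandfieldfo"

# Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, benign parameter values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo&child=12 HTTP/1.1" 200 512 "-" "curl/7.64.0"',
    '203.0.113.7 - - [10/Oct/2019:13:55:40 +0000] "POST /index.php?task=customfields.getfieldtitlebyfieldandfieldfo&option=COM_JSJOBS HTTP/1.1" 200 498 "-" "curl/7.64.0"',
    '198.51.100.4 - - [10/Oct/2019:13:56:01 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2019:13:57:12 +0000] "GET /index.php?option=com%5Fjsjobs&task=customfields.getfieldtitlebyfieldandfieldfo&child=a%20b HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

def match_endpoint(target):
    """Return the decoded query dict if the request target names the affected task, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)  # percent-decodes values
    options = [v.lower() for v in query.get("option", [])]  # case-insensitive on purpose,
    tasks = [v.lower() for v in query.get("task", [])]      # so case variants are not missed
    return query if OPTION in options and TASK in tasks else None

def scan(lines):
    """Return one record per log line that addresses the affected endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        query = match_endpoint(m["target"]) if m else None
        if query is None:
            continue
        hits.append({
            "ip": m["ip"], "time": m["time"],
            "method": m["method"], "status": int(m["status"]),
            # None when `child` is not in the URL, e.g. sent in a POST body (not logged).
            "child": query.get("child", [None])[0],
        })
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with `child` set to `None` still deserves review: access logs do not record request bodies, so the parameter value may only be recoverable from a WAF or application log.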