CVE-2009-2554

Name of the Vulnerable Software and Affected Versions Jobline (com jobline) versions 1.1.2.2 through 1.3.1 and possibly earlier versions

Description The issue allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to "index.php", which invokes the search method from the searchJobPostings function in "jobline.php". This is a SQL injection vulnerability in the search method in jobline.class.php, a component for Joomla!.

Recommendations For versions 1.1.2.2 through 1.3.1 and possibly earlier versions, consider disabling the search function in jobline.class.php until a patch is available. Restrict access to the search parameter in the results action to "index.php" to minimize the risk of exploitation. Avoid using the search parameter in the affected API endpoint until the issue is resolved.