PT-2009-4956 · Joomla · Jobline
Manhluat93
·
Published
2009-07-20
·
Updated
2017-09-19
·
CVE-2009-2554
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Jobline (com jobline) versions 1.1.2.2 through 1.3.1 and possibly earlier versions
Description
The issue allows remote attackers to execute arbitrary SQL commands via the
search parameter in a results action to "index.php", which invokes the search method from the searchJobPostings function in "jobline.php". This is a SQL injection vulnerability in the search method in jobline.class.php, a component for Joomla!.Recommendations
For versions 1.1.2.2 through 1.3.1 and possibly earlier versions, consider disabling the search function in jobline.class.php until a patch is available. Restrict access to the
search parameter in the results action to "index.php" to minimize the risk of exploitation. Avoid using the search parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jobline