CVE-2019-17527

Name of the Vulnerable Software and Affected Versions JS JOBS FREE extension for Joomla! versions prior to 1.2.7

Description The issue allows SQL Injection via the "index.php?option=com jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo" API endpoint, specifically through the child parameter in the models/custormfields.php file. This could potentially lead to unauthorized access to database information.

Recommendations For JS JOBS FREE extension versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php?option=com jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo API endpoint until the update is applied. Avoid using the child parameter in the affected endpoint until the issue is resolved.