CVE-2019-25740— Joomla com_jsjobs 1.2.6 Arbitrary File Deletion
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-25740
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Joomla com_jsjobs 1.2.6 Arbitrary File Deletion
Source: NVD (National Vulnerability Database)
Vulnerability Description
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
JoomSky Joomla com_jsjobs 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
JoomSky Joomla com_jsjobs是JoomSky公司的一个招聘求职管理组件。 JoomSky Joomla com_jsjobs 1.2.6版本存在路径遍历漏洞,该漏洞源于对自定义用户字段参数操作不当,可能导致经过身份验证的攻击者删除文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2019-25740
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-25740
请登录查看更多情报信息。
Vendor Advisories for CVE-2019-25740 (1)
- 🔗 Joomla com_jsjobs 1.2.6 Arbitrary File Deletion | Advisories | VulnCheckthird-party-advisory
Exploits & Public PoCs for CVE-2019-25740 (1)
Vendor Pages for CVE-2019-25740 (1)
Other References for CVE-2019-25740 (1)
- 🔗 Page not found - Joomskyproduct
IV. Related Vulnerabilities
Same vendor: Joomsky
- CVE-2018-25327
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery - CVE-2020-37226
Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby - CVE-2020-37224
Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby - CVE-2026-32534
WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulne - CVE-2026-32535
WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Obj
Same weakness: CWE-22
- CVE-2026-11911
Simple File List <= 6.3.7 - Unauthenticated Arbitrary File D - CVE-2026-9843
Database for Contact Form 7, WPforms, Elementor forms <= 1.5 - CVE-2026-48129
Kestra task inputFiles accepts traversal filenames for worke - CVE-2026-49342
YARD static cache reads raw traversal paths before router sa - CVE-2026-49340
gonic has arbitrary file write in createPlaylist: any authen
V. Comments for CVE-2019-25740
No comments yet