以下是简洁的Markdown格式提取的关键信息: Joomla NeoRecruit SQL Injection vulnerability Name: Joomla com_neorecruit BSqli Vulnerability Date: July 6, 2010 Critical Level: HIGH Author credit: Sid3^effects aKa HaRi - Remote access via web browser. CVSS Base Score: 7.5/10 Impact Subscore: 6.4/10 - Confidentiality Impact: Partial - Integrity Impact: Partial - Security Impact: Partial Exploitability Subscore: 10/10 - Authentication: None required CVE: CVE-2010-4995 CWE: CWE-89 Description This vulnerability is an SQL injection caused by weak data inputs validation. The NeoRecruit component allows jobs and internships proposals classification. It is a system that recovers CVs and cover letters from applicants. The attacker can exploit this vulnerability to manage cookies or sessions from their user accounts. Recommendation The vendor must issue a fix to ensure this vulnerability. References http://xforce.iss.net/xforce/xfdb/60125 http://www.vupen.com/english/advisories/2010/1738 http://www.securityfocus.com/bid/41408 http://www.exploit-db.com/exploits/14250 http://packetstormsecurity.org/1007-exploits/joomlaneorecruit-sql.txt Demo The web server running the application: