CVE-2019-17527
CRITICAL WAF: High
CVSS 9.8
Published: 2019-12-19
CWE-89
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| joomsky | js_jobs | up to 1.2.7 |
References
- gist.github.com (Patch, Third Party Advisory)