CVE-2020-37226 PUBLISHED

Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby

Assigner: VulnCheck
Reserved: 13.05.2026 Published: 13.05.2026 Updated: 13.05.2026

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract sensitive database information using automated tools.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CVSS Score: 7.1

Product Status

Vendor Joomsky
Product J2 JOBS
Versions
  • Version 1.3.0 is affected

Credits

  • Mehmet Kelepçe / Gais Cyber Security (finder)

Problem Types

  • Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')