CVE-2019-25740
Arbitrary File Deletion in Joomla com_jsjobs
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joomla | com_jsjobs | 1.2.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in Joomla com_jsjobs version 1.2.6 and allows authenticated attackers to delete arbitrary files on the web server.
Attackers exploit insufficient input validation in custom userfield parameters, specifically by sending POST requests to the job.savejob task with path traversal sequences in the field_2 parameter.
This manipulation enables attackers to specify file paths for deletion, leading to arbitrary file deletion on the server.
How can this vulnerability impact me?
This vulnerability can significantly impact the integrity and availability of your Joomla installation.
An authenticated attacker can delete arbitrary files on the web server, including potentially sensitive or critical files such as configuration files.
This can lead to service disruption, loss of important data, and compromise of the website's functionality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the job.savejob task that include path traversal sequences in the field_2 parameter or similar custom userfield parameters.
Specifically, you can look for POST requests containing parameters like 'field_2' or 'ufield926_2' with values including '../' sequences indicating path traversal attempts.
Note that standard Apache and nginx access logs record only the request line, not the POST body, so a grep over access.log only catches attempts where the parameters were placed in the query string. To inspect POST bodies you need a WAF audit log (for example ModSecurity with the request-body part of SecAuditLogParts enabled), a reverse proxy configured to log request bodies, or a packet capture. With that caveat, a first pass over the access log looks like:
- grep "POST" /var/log/apache2/access.log | grep "job.savejob" | grep -E "u?field[0-9]*_[0-9]+=" | grep -iE '\.\./|\.\.%2f|%2e%2e'
- grep "POST" /var/log/apache2/access.log | grep "job.savejob" | grep "ufield926_2="
The last filter in the first command also catches URL-encoded traversal sequences (%2e%2e%2f), which a plain search for '../' would miss.
Additionally, monitoring for unexpected file deletions or changes in critical files on the server can help detect exploitation attempts.
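The detection logic described above, as an added example that is not part of this advisory: a small Python scanner that parses Apache combined-format access-log lines, keeps only requests to the job.savejob task, and flags custom user-field parameters (field_N, ufieldNNN_N) whose values contain traversal sequences, including percent-encoded and double-encoded forms. The sample log lines are constructed for the example. Because access logs do not carry POST bodies, a second entry point scans a raw form-encoded body taken from a WAF audit log or capture. The assumption that the task name appears in the request target, as in the grep commands above, is the example's own.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample Apache "combined" access-log lines, not from a real
# incident. The access log carries only the request line, so parameters are
# visible here only when the attacker placed them in the query string.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [04/Jun/2026:10:01:02 +0000] "GET /index.php?option=com_jsjobs&task=job.savejob HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [04/Jun/2026:10:02:10 +0000] "POST /index.php?option=com_jsjobs&task=job.savejob&field_2=../../configuration.php HTTP/1.1" 303 0 "-" "curl/8.0"
10.0.0.9 - - [04/Jun/2026:10:03:44 +0000] "POST /index.php?option=com_jsjobs&task=job.savejob&ufield926_2=..%2F..%2Fconfiguration.php HTTP/1.1" 303 0 "-" "python-requests/2.31"
10.0.0.11 - - [04/Jun/2026:10:04:00 +0000] "POST /index.php?option=com_jsjobs&task=job.savejob&field_2=resume.pdf HTTP/1.1" 303 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Custom user-field parameter names named in the advisory: field_2, ufield926_2.
FIELD_RE = re.compile(r'^u?field\d*_\d+$')
# ".." as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e%252e) cannot hide '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if a parameter value looks like a path-traversal or absolute-path attempt."""
    v = fully_decode(value)
    if "\x00" in v:  # null-byte truncation attempts
        return True
    if v.startswith("/") or re.match(r'^[A-Za-z]:[\\/]', v):  # absolute paths
        return True
    return TRAVERSAL_RE.search(v) is not None


def suspicious_fields(params):
    """params is a name -> list-of-values dict (parse_qs shape).

    Returns (parameter name, decoded value) pairs for user-field parameters
    carrying traversal sequences."""
    hits = []
    for name, values in params.items():
        if not FIELD_RE.match(name):
            continue
        for val in values:
            if is_traversal(val):
                hits.append((name, fully_decode(val)))
    return hits


def scan_post_body(body):
    """Scan a raw application/x-www-form-urlencoded body from a WAF audit log or capture."""
    return suspicious_fields(parse_qs(body, keep_blank_values=True))


def scan_access_log(text):
    """Scan access-log text; returns one finding dict per suspicious parameter."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if "job.savejob" not in target:  # same filter the grep commands use
            continue
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name, value in suspicious_fields(params):
            findings.append({"ip": m.group("ip"), "time": m.group("time"),
                             "method": m.group("method"), "param": name, "value": value})
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_ACCESS_LOG):
        print(finding)
```

Run against the constructed sample, the scanner reports the second and third lines (plain and percent-encoded traversal in field_2 and ufield926_2) and ignores the benign resume.pdf upload; feed scan_post_body the body of a ModSecurity audit entry to cover requests that kept the parameters out of the query string.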
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling access to the vulnerable com_jsjobs component version 1.2.6 until a patch or update is applied.
Ensure that only trusted authenticated users have access to the job.savejob task, as exploitation requires authentication.
Monitor and block suspicious POST requests containing path traversal sequences in the field_2 or similar parameters.
Apply input validation and sanitization on user-supplied parameters to prevent path traversal sequences from being processed.
If possible, update the com_jsjobs component to a version where this vulnerability is fixed.
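As an added example of the input validation step above, not code from the com_jsjobs component: a Python containment check that resolves a user-supplied file name under the upload directory with realpath() and refuses anything that escapes it, shown next to the naive '../'-stripping approach that '....//' slips past. The function names and the temporary directory layout in demo() are the example's own assumptions.

```python
import os
import shutil
import tempfile


def naive_strip(name):
    """The weak approach: stripping '../' once. '....//secret' survives as '../secret'."""
    return name.replace("../", "")


def resolve_within(base_dir, user_path):
    """Resolve user_path relative to base_dir and refuse anything outside it.

    realpath() collapses '..' segments and follows symlinks, so a symlink inside
    base_dir that points outside is rejected as well. An absolute user_path is
    rejected because os.path.join drops base_dir when the second part is absolute,
    which the commonpath check then catches.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes upload directory: %r" % user_path)
    return target


def safe_delete_upload(base_dir, user_path):
    """Delete a regular file under base_dir. True if deleted, False if refused or absent."""
    try:
        target = resolve_within(base_dir, user_path)
    except ValueError:
        return False
    if not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def demo():
    """Exercise the check against an uploads directory with a file beside it (hypothetical layout)."""
    root = tempfile.mkdtemp(prefix="jsjobs_demo_")
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    inside = os.path.join(uploads, "resume.pdf")
    outside = os.path.join(root, "configuration.php")  # stands in for a site config file
    for path in (inside, outside):
        with open(path, "w") as fh:
            fh.write("x")
    results = {
        "delete_inside": safe_delete_upload(uploads, "resume.pdf"),
        "delete_traversal": safe_delete_upload(uploads, "../configuration.php"),
        "delete_double": safe_delete_upload(uploads, "....//configuration.php"),
        "delete_abs": safe_delete_upload(uploads, outside),
        "naive_strip_bypass": naive_strip("....//configuration.php"),
    }
    results["outside_survives"] = os.path.exists(outside)
    results["inside_gone"] = not os.path.exists(inside)
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the demo is the last two keys: the file under uploads/ is removed, the file beside it survives every variant (plain traversal, the doubled '....//' form, and an absolute path), while naive_strip turns '....//configuration.php' into exactly the '../configuration.php' it was meant to remove.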
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the arbitrary file deletion vulnerability in Joomla com_jsjobs 1.2.6 affects compliance with common standards and regulations such as GDPR or HIPAA.