CVE-2019-25740
6.5 MEDIUMJoomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipula...
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-22
Description
Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-47368 — A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to ob... (8.6 HIGH)
- CVE-2026-45171 — Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to ...
- CVE-2025-24268 — A parsing issue in the handling of directory paths was addressed with improved path validation (5.5 MEDIUM)
- CVE-2026-49982 — tmp is a temporary file and directory creator for node.js (8.2 HIGH)
- CVE-2026-44705 — tmp is a temporary file and directory creator for node.js