ByteOS Network

NVD Vulnerability Details :

CVE-2019-25740

Deferred

Source-disclosure@vulncheck.com

Published At-04 Jun, 2026 | 14:16

Updated At-04 Jun, 2026 | 15:00

Joomla com_jsjobs 1.2.6 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating custom userfield parameters. Attackers can send POST requests to the job.savejob task with path traversal sequences in the field_2 parameter to delete arbitrary files accessible to the web server.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.1	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 4.0

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	disclosure@vulncheck.com

CWE ID: CWE-22

Type: Primary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://www.exploit-db.com/exploits/47281	disclosure@vulncheck.com	N/A
https://www.joomsky.com/	disclosure@vulncheck.com	N/A
https://www.joomsky.com/5/download/1	disclosure@vulncheck.com	N/A
https://www.vulncheck.com/advisories/joomla-com-jsjobs-arbitrary-file-deletion	disclosure@vulncheck.com	N/A