Joomla! Component JS Jobs Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Joomla! component JS Jobs, version 1.2.0. The component processes state-changing requests without proper token validation. By crafting malicious HTML forms that target administrative endpoints, such as 'job.jobenforcedelete', attackers can delete job entries or alter component settings. Exploitation occurs when an administrator visits a page controlled by the attacker.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of job entries or modification of component settings on behalf of an administrator.

Reproduction

To reproduce this vulnerability, create a malicious HTML form that includes the necessary hidden input fields to target an administrative endpoint, such as 'job.jobenforcedelete'. Once the form is prepared, it can be submitted automatically when an administrator visits the page, performing the desired state-changing action without their consent.

Remediation

Users are advised to update to the latest version of the JS Jobs component.
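
The token validation named under Vulnerability, modelled as an added example; this is not code from JS Jobs or Joomla!. The field names 'task', 'id' and 'token', the session id and the job table are assumptions constructed for the illustration; only the task name 'job.jobenforcedelete' comes from this advisory.

```python
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)  # per-installation secret (constructed)
# Tasks that change state; this one is the endpoint named in the advisory.
STATE_CHANGING_TASKS = {"job.jobenforcedelete"}


def form_token(session_id: str) -> str:
    """Token bound to the admin session; the admin UI embeds it in its forms."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_valid(session_id: str, fields: dict) -> bool:
    """Constant-time comparison of the submitted token with the session's token."""
    submitted = str(fields.get("token", ""))  # hypothetical field name
    return hmac.compare_digest(submitted.encode(), form_token(session_id).encode())


def handle_admin_post(session_id: str, fields: dict, jobs: dict) -> int:
    """Return an HTTP-style status; refuse state changes without a valid token."""
    task = fields.get("task", "")
    if task in STATE_CHANGING_TASKS and not token_valid(session_id, fields):
        return 403  # a session cookie alone is not proof of intent
    if task == "job.jobenforcedelete":
        jobs.pop(fields.get("id"), None)
        return 200
    return 400


def demo() -> tuple:
    session = "admin-session-1"  # constructed
    jobs = {"7": "Backend developer", "8": "Analyst"}  # constructed
    # Cross-site form: the browser attaches the session cookie, but the foreign
    # page cannot read the token, so the field is missing or guessed.
    forged = {"task": "job.jobenforcedelete", "id": "7"}
    guessed = {**forged, "token": "0" * 64}
    # Form rendered by the admin UI itself carries the session's token.
    genuine = {"task": "job.jobenforcedelete", "id": "8",
               "token": form_token(session)}
    statuses = tuple(handle_admin_post(session, f, jobs)
                     for f in (forged, guessed, genuine))
    return statuses, sorted(jobs)


if __name__ == "__main__":
    print(demo())
```

Both cross-site submissions are refused and job 7 survives, while the form that carries the session's token is processed.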

Added: May 17, 2026, 1:27 PM
Updated: May 17, 2026, 1:27 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 2.5
exploitability: 7.9
remediation: 7.7
relevance: 8.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.