📄 Description (English)
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
🤖 AI Executive Summary
Joomla! Component Js Jobs 1.2.0 contains a critical CSRF vulnerability (CVE-2018-25327) that allows attackers to perform unauthorized administrative actions without proper token validation. Attackers can craft malicious web pages that, when visited by administrators, execute state-changing operations such as deleting job entries or modifying component settings. With no available patch and no exploit currently public, organizations using this component face moderate but persistent risk requiring immediate mitigation through compensating controls.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 29, 2026 07:34
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using Joomla! with the Js Jobs component—particularly government agencies, educational institutions, and private sector HR departments managing recruitment through this component—face significant risk. Government entities under NCA oversight and organizations subject to SAMA regulations in the financial sector are particularly vulnerable. The vulnerability could lead to unauthorized deletion of job postings, modification of recruitment processes, and potential data integrity issues affecting HR operations and compliance records.
🏢 Affected Saudi Sectors
Government
Education
Banking and Financial Services
Healthcare
Human Resources and Recruitment
Telecommunications
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Audit all Joomla! installations to identify systems running Js Jobs component version 1.2.0 or earlier
2. Disable or uninstall the Js Jobs component immediately if not actively required
3. Restrict administrative access to Joomla! backend to trusted networks only using firewall rules
4. Implement Web Application Firewall (WAF) rules to detect and block CSRF attempts targeting job.jobenforcedelete and similar administrative endpoints
Compensating Controls:
5. Enable CSRF token validation at the WAF level for all state-changing requests
6. Implement Content Security Policy (CSP) headers to prevent malicious form submissions
7. Deploy browser-based CSRF protection extensions for administrative users
8. Monitor admin logs for suspicious job deletion or modification activities
9. Implement multi-factor authentication (MFA) for all administrative accounts
10. Conduct security awareness training for administrators on CSRF attack vectors
Detection Rules:
- Monitor for POST requests to /index.php?option=com_jsjobs&task=job.jobenforcedelete without valid CSRF tokens
- Alert on multiple failed administrative actions from external referrers
- Track unusual job deletion patterns in audit logs
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع تثبيتات Joomla! لتحديد الأنظمة التي تقوم بتشغيل مكون Js Jobs الإصدار 1.2.0 أو الإصدارات الأقدم
2. تعطيل أو إلغاء تثبيت مكون Js Jobs فوراً إذا لم يكن مطلوباً بنشاط
3. تقييد الوصول الإداري إلى خادم Joomla! الخلفي للشبكات الموثوقة فقط باستخدام قواعد جدار الحماية
4. تنفيذ قواعد جدار تطبيقات الويب (WAF) للكشف عن محاولات CSRF وحجبها التي تستهدف job.jobenforcedelete والنقاط النهائية الإدارية المماثلة
الضوابط التعويضية:
5. تفعيل التحقق من رموز CSRF على مستوى WAF لجميع الطلبات التي تغير الحالة
6. تنفيذ رؤوس سياسة أمان المحتوى (CSP) لمنع تقديم النماذج الضارة
7. نشر امتدادات حماية CSRF المستندة إلى المتصفح للمستخدمين الإداريين
8. مراقبة سجلات المسؤول للأنشطة المريبة المتعلقة بحذف أو تعديل الوظائف
9. تنفيذ المصادقة متعددة العوامل (MFA) لجميع الحسابات الإدارية
10. إجراء تدريب التوعية الأمنية للمسؤولين حول متجهات هجوم CSRF
قواعد الكشف:
- مراقبة طلبات POST إلى /index.php?option=com_jsjobs&task=job.jobenforcedelete بدون رموز CSRF صحيحة
- تنبيه على محاولات إدارية متعددة فاشلة من مراجع خارجي
- تتبع أنماط حذف الوظائف غير العادية في سجلات التدقيق
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and access rights management
A.7.2.1 - Information security awareness and training
A.12.2.1 - Change management procedures
A.14.2.1 - Information security incident management
🔵 SAMA CSF
Governance - Policy and Risk Management
Protection - Access Control and Authentication
Detection - Security Monitoring and Logging
Response - Incident Management and Reporting
🟡 ISO 27001:2022
A.5.1 - Management direction for information security
A.6.1 - Internal organization
A.6.2 - Mobile device and teleworking
A.7.1 - Prior to public access
A.8.1 - User endpoint devices
A.12.2 - Restrictions on software installation
A.14.2 - Business continuity management
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 7.1 - Limit access to system components
Requirement 10.2 - Implement automated audit trails
🔗 References & Sources 4
🔗
🔗
🔗
🔗
https://extensions.joomla.org/extension/js-jobs/
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/44492
disclosure@vulncheck.com
https://www.joomsky.com
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/joomla-component-js-jobs-cross-site-request-forgery
disclosure@vulncheck.com