hii i have found this in milw0rm.com http://www.milw0rm.com/exploits/9187
this bug can cause the hack of ur site throw a blind sql injection
can any one till me how risky this bug ?
is it safe to use this component ??
thax

Any SQL injection is a big risk. I think the developer took a hiatus because of all the negative posting on joomla. And frankly i don't blame him. He crated something for free and provided free support from what it looks like and still he gets people bitching at him. I checked out the code and you have to clean a couple of the vars and you will be good to go.

In the Jobline.php change the itemId var

Code:

$id = intval(mosGetParam( $_REQUEST ,'id', '' )); $Itemid = intval(mosGetParam( $_REQUEST ,'Itemid', '' ));

If you force them to ints no one can try malicious code in the urls

Thanks. This has already been fixed for v1.2, but I should probably get a patch released for the current version as well.