TK Tek, LLC
300 B St.
Sergeant Bluff, IA 51054

Please update to the latest version of JobGrok.

If you have made substantial modifications to the extension, the instructions below show how to fix the vulnerability by hand.

Manual Fix for SQL Injection vulnerability:

JobGrok Premium (V3.1-1.6.69 and prior)

Locate the file [[[yourjoomlaroot]]]/components/com_jobgrokapp/jobgrok.php
Change Line 65: $query = "SELECT `link` FROM #__menu WHERE id=".JRequest::getVar('Itemid');
To: $query = "SELECT `link` FROM #__menu WHERE id=".(int)JRequest::getVar('Itemid');

 

JobGrok Board (V3.1-1.2.59 and prior)

Locate the file [[[yourjoomlaroot]]]/components/com_jobgrokapp/jobgrokboard.php
Change Line 65: $query = "SELECT `link` FROM #__menu WHERE id=".JRequest::getVar('Itemid');
To: $query = "SELECT `link` FROM #__menu WHERE id=".(int)JRequest::getVar('Itemid');

 

JobGrok Application (V3.1-1.2.55 and prior)

Locate the file [[[yourjoomlaroot]]]/components/com_jobgrokapp/jobgrokapp.php
Change Line 65: $query = "SELECT `link` FROM #__menu WHERE id=".JRequest::getVar('Itemid');
To: $query = "SELECT `link` FROM #__menu WHERE id=".(int)JRequest::getVar('Itemid');

 

JobGrok Listing (V3.1-1.2.58 and prior)

Locate the file [[[yourjoomlaroot]]]/components/com_jobgrokapp/jobgroklist.php
Change Line 65: $query = "SELECT `link` FROM #__menu WHERE id=".JRequest::getVar('Itemid');
To: $query = "SELECT `link` FROM #__menu WHERE id=".(int)JRequest::getVar('Itemid');

My sincerest apologies to those using JobGrok - this was such a rudimentary oversight on my part.
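
To confirm the manual fix was applied to every file listed above, the following check reports which files still concatenate an uncast Itemid into the menu query. It is an added example, not code shipped with JobGrok; the function names check_jobgrok and make_sample and the status labels are assumptions, and the directory and file names are taken from the instructions above. It matches only the statement quoted in this advisory, so a heavily modified file is reported as REVIEW.

```shell
#!/bin/sh
# Added example: report which JobGrok entry files still build the menu query
# from an uncast Itemid. Directory and file names are those in the advisory.
JOBGROK_DIR="components/com_jobgrokapp"
JOBGROK_FILES="jobgrok.php jobgrokboard.php jobgrokapp.php jobgroklist.php"

# Unpatched form: id=". followed by JRequest::getVar('Itemid') with no cast.
UNPATCHED="id=\"[[:space:]]*\\.[[:space:]]*JRequest::getVar\\([[:space:]]*'Itemid'"
# Patched form: the same concatenation with the (int) cast in front.
PATCHED="id=\"[[:space:]]*\\.[[:space:]]*\\([[:space:]]*int[[:space:]]*\\)[[:space:]]*JRequest::getVar\\([[:space:]]*'Itemid'"

# check_jobgrok ROOT: one status line per file; returns 1 if any is unpatched.
check_jobgrok() {
    root=$1
    rc=0
    for f in $JOBGROK_FILES; do
        path="$root/$JOBGROK_DIR/$f"
        if [ ! -f "$path" ]; then
            echo "ABSENT     $path"
        elif grep -Eq "$UNPATCHED" "$path"; then
            echo "VULNERABLE $path"
            rc=1
        elif grep -Eq "$PATCHED" "$path"; then
            echo "PATCHED    $path"
        else
            echo "REVIEW     $path (query line not found, inspect by hand)"
        fi
    done
    return $rc
}

# make_sample ROOT: constructed sample tree (not real JobGrok files) holding
# one unpatched and one patched copy of the query line.
make_sample() {
    mkdir -p "$1/$JOBGROK_DIR"
    printf '%s\n' "\$query = \"SELECT \`link\` FROM #__menu WHERE id=\".JRequest::getVar('Itemid');" \
        > "$1/$JOBGROK_DIR/jobgrok.php"
    printf '%s\n' "\$query = \"SELECT \`link\` FROM #__menu WHERE id=\".(int)JRequest::getVar('Itemid');" \
        > "$1/$JOBGROK_DIR/jobgrokboard.php"
}

# Usage: sh check_jobgrok.sh /path/to/joomla/root
if [ $# -gt 0 ]; then
    check_jobgrok "$1"
fi
```

A non-zero exit status means at least one file still needs the (int) cast; ABSENT only means that component file is not installed under that path.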