CVE-2015-7299
The CVE-2015-7299 issue affects K2 products: K2 blackpearl, SmartForms, and K2 for SharePoint (version 4.6.7). A Boolean-based SQL injection exists in Runtime/Runtime/AjaxCall.ashx via the xml parameter, allowing an anonymous attacker to read data and potentially access or reconstruct sensitive D...