Lucene search
+L

4 matches found

cve
cve
added 2026/06/25 3:25 p.m.17 views

CVE-2026-48946

CVE-2026-48946 affects the K2 frontend Joomla extension (getk2.com) prior to version 2.26. The issue allows a K2 Author to upload a PHP file (e.g., shell.php) via the article-attachment upload path; Apache mod_php executes the file under the K2 web user, enabling arbitrary PHP code execution in t...

6.3CVSS6.1AI score0.00167EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/05/22 10:8 a.m.8 views

CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

9.8CVSS6.5AI score0.26184EPSS
Exploits7References1
packetstorm
packetstorm
added 2018/02/27 12:0 a.m.71 views

Joomla! K2 2.8.0 Arbitrary File Download

Exploit Title: Joomla! Component K2 2.8.0 - Arbitrary File Download Dork: N/A Date: 26.02.2018 Vendor Homepage: http://www.joomlaworks.net/ Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/content-construction/k2/ Software Download:...

7.5AI score0.02353EPSS
Exploits3
packetstorm
packetstorm
added 2009/06/29 12:0 a.m.30 views

Joomla K2 1.0.1b SQL Injection

---------------------------------------------------------------------- Joomla Component comk2 sectionid SQL injection Vulnerability ---------------------------------------------------------------------- + Author : Chip D3 Bi0s + Email : chipdebiosalt+64gmail.com + Group : LatinHackTeam +...

0.5AI score
Exploits0
Rows per page
Query Builder