13 matches found
CVE-2026-48944
Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...
EUVD-2009-2391
Malware in sbrugna...
SUSE CVE-2009-2395
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php...
VulnCheck KEV: CVE-2018-7482
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php...
Joomla! K2 Component Access Control Error Vulnerability
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters team; it provides RSS feeds, site search and other features. K2 is one of its article system components; the component supports image display, commenting and other featur...
CVE-2018-7482
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should b...
CVE-2018-7482
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should b...
CVE-2018-7482
The CVE-2018-7482 vulnerability affects the Joomla! K2 component version 2.8.0, where an Incorrect Access Control allows directory traversal to download arbitrary files via a crafted request (view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1). The base path l1_.. sugges...
Joomla K2 2.8.0 Component - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component K2 2.8.0 - Arbitrary File Download Dork: N/A Date: 26.02.2018 Vendor Homepage: http://www.joomlaworks.net/ Software Link:...
Joomla! Stor for K2 Component SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) that provides RSS feeds, site search and other functions. A SQL injection vulnerability exists in version 3.8.2 of the Joomla! Stor for K2 component. The vulnerability exists because the program fails to adequately filter user-submitt...
Sql injection
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php...
CVE-2009-2395
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php...
CVE-2009-2395
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php...