Lucene search: K

25 matches found

CVE | added last week | 6 views

CVE-2026-48945

The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...

CVSS 5.3 | AI score 5.9 | EPSS 0.00197
Exploits 0 | References 1 | Affected software 1
Vulnrichment | added last week | 5 views

CVE-2026-48945 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 article gallery upload path accepts a zip/tar archive, extracts it under /media/k2/galleries//, and only renames image files gif/jpg/jpeg/png/webp to safe names; non-image files including .php are extracted as-is and remain executable via direct HTTP access...

AI score 5.8 | EPSS 0.00197
Exploits 0 | References 1
CVE | added last week | 13 views

CVE-2026-48940

CVE-2026-48940 involves a stored cross-site scripting (XSS) in the Joomla extension K2. A user with K2 (Author by default) create-item rights can submit an article where the embedVideo POST field contains a raw tag. K2 stores the payload verbatim and renders it unescaped to every visito...

CVSS 3.4 | AI score 5.9 | EPSS 0.00167
Exploits 0 | References 1 | Affected software 1
Cvelist | added last week | 31 views

CVE-2026-48940 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

EPSS 0.00167
Exploits 0 | References 1
Vulnrichment | added last week | 5 views

CVE-2026-48940 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

AI score 5.8 | EPSS 0.00167
Exploits 0 | References 1
CVE | added last week | 8 views

CVE-2026-48941

CVE-2026-48941 affects the K2 frontend, specifically the item.checkin task in the GetK2 Joomla extension (for Joomla

CVSS 6.5 | AI score 5.8 | EPSS 0.00159
Exploits 0 | References 1 | Affected software 1
Cvelist | added last week | 32 views

CVE-2026-48946 Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard mod_php matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

EPSS 0.00167
Exploits 0 | References 1
Vulnrichment | added last week | 5 views

CVE-2026-48944 Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATH_SITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

AI score 5.8 | EPSS 0.00295
Exploits 0 | References 1
Cvelist | added last week | 31 views

CVE-2026-48944 Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26

The K2 frontend article-save handler accepts an attachmentNexisting POST field that is concatenated with JPATH_SITE/ and passed to JFile::copy. JPath::clean does NOT strip .., and there is no allow-list of source paths. An Author can therefore copy configuration.php or any other file readable by t...

EPSS 0.00295
Exploits 0 | References 1
Cvelist | added last week | 31 views

CVE-2026-48942 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

K2 ≤ 2.26 renders the k2_users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...

EPSS 0.00149
Exploits 0 | References 1
Vulnrichment | added last week | 5 views

CVE-2026-48942 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

K2 ≤ 2.26 renders the k2_users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...

AI score 5.8 | EPSS 0.00149
Exploits 0 | References 1
CVE | added last week | 7 views

CVE-2026-48943

Summary: CVE-2026-48943 affects K2 ≤ 2.24, specifically the K2 system user plugin plg_user_k2. A mass-assignment defect allows a registered Joomla user to set the field K2UserForm=1 in a normal com_users profile.save POST and write arbitrary values into the notes, image, and plugins columns of th...

CVSS 6.5 | AI score 6 | EPSS 0.00182
Exploits 0 | References 1 | Affected software 1
RedhatCVE | added 2025/05/22 10:08 a.m. | 7 views

CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

CVSS 9.8 | AI score 6.5 | EPSS 0.26184
Exploits 7 | References 1
OSV | added 2020/02/28 1:10 a.m. | 21 views

GHSA-2GC7-W4HW-RR2M class.upload.php in verot.net omits .pht from the set of dangerous file extensions

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

CVSS 9.8 | AI score 9.4 | EPSS 0.04153
Exploits 3 | References 4
OSV | added 2020/01/16 10:17 p.m. | 26 views

GHSA-R5GM-4P5W-PQ2P Remote code execution in verot/class.upload.php

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

CVSS 9.8 | AI score 9.4 | EPSS 0.26184
Exploits 7 | References 11
Github Security Blog | added 2020/01/16 10:17 p.m. | 72 views

Remote code execution in verot/class.upload.php

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions...

CVSS 9.8 | AI score 2.9 | EPSS 0.26184
Exploits 7 | References 12 | Affected software 1
OSV | added 2019/12/17 6:15 p.m. | 24 views

CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

CVSS 9.8 | AI score 6.7 | EPSS 0.04153
Exploits 3 | References 3
NVD | added 2019/12/17 6:15 p.m. | 25 views

CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

CVSS 9.8 | AI score 9.5 | EPSS 0.04153
Exploits 3 | References 3
Prion | added 2019/12/17 6:15 p.m. | 17 views

Code injection

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

CVSS 7.5 | AI score 9.4 | EPSS 0.26184
Exploits 9 | References 3 | Affected software 2
Cvelist | added 2019/12/17 5:11 p.m. | 28 views

CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576...

AI score 9.5 | EPSS 0.04153
Exploits 3 | References 3