Lucene search
+L

5 matches found

euvd
euvd
added 2026/06/25 3:22 p.m.4 views

EUVD-2026-39438

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

6.5CVSS6AI score0.00182EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/25 3:22 p.m.31 views

CVE-2026-48943 Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

0.00182EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/25 3:22 p.m.8 views

CVE-2026-48943 Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

5.9AI score0.00182EPSS
Exploits0References1
cve
cve
added 2026/06/25 3:22 p.m.15 views

CVE-2026-48943

Summary: CVE-2026-48943 affects K2 ≤ 2.24, specifically the K2 system user plugin plg_user_k2. A mass‑assignment defect allows a registered Joomla user to set the field K2UserForm=1 in a normal com_users profile.save POST and write arbitrary values into the notes, image, and plugins columns of th...

6.5CVSS6AI score0.00182EPSS
Exploits0References1Affected Software1
alpinelinux
alpinelinux
added 2026/06/25 3:22 p.m.5 views

CVE-2026-48943

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin plguserk2. A Registered Joomla user, by including the field K2UserForm=1 in a standard comusers profile.save POST, can write arbitrary values into the notes, image, and plugins columns of their own row in the k2users table —...

6.5CVSS5.9AI score0.00182EPSS
Exploits0References1
Rows per page
Query Builder