24 vulnerabilities by joomlaworks
CVE-2026-48946 (GCVE-0-2026-48946)
Vulnerability from nvd – Published: 2026-06-25 15:25 – Updated: 2026-06-28 18:37
Title
Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26
Summary
The K2 frontend article-attachment upload path accepts files whose extension is `.php`. On a server that executes PHP from the upload directory (e.g. a default Apache + mod_php setup, whose handler matches `\.php$`), the uploaded file runs as the web-server user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server's context. Note that the CISA ADP CVSS vector below (PR:L, C:L/I:L/A:L, 6.3) sits oddly against the SSVC technical impact of "total" for an authenticated RCE; treat the numeric score as a lower bound. The title says "< 2.26" while the affected-version entry below says 1.0-2.26 — confirm with the vendor whether 2.26 is the fixed release.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T03:55:55.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache\u0027s standard mod_php matches `\\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server\u0027s context."
}
],
"value": "The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache\u0027s standard mod_php matches `\\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server\u0027s context."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:37:50.059Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48946",
"datePublished": "2026-06-25T15:25:28.947Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:37:50.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48945 (GCVE-0-2026-48945)
Vulnerability from nvd – Published: 2026-06-25 15:26 – Updated: 2026-06-28 18:39
Title
Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26
Summary
The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and, where the web server executes PHP from that directory, are reachable and executable via direct HTTP access. The record does not state which privilege is needed to submit a gallery archive: the title calls this a privileged RCE, while the CISA ADP vector below scores PR:N with C:L/I:N/A:N, so both the required privilege and the real impact should be confirmed before triage.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type (via archive extraction)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:45:48.959013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:45:53.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/\u003cid\u003e/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names \u2014 non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access."
}
],
"value": "The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/\u003cid\u003e/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names \u2014 non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload via archive extraction",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:39:05.415Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48945",
"datePublished": "2026-06-25T15:26:48.917Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:39:05.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48944 (GCVE-0-2026-48944)
Vulnerability from nvd – Published: 2026-06-25 15:24 – Updated: 2026-06-28 18:37
Title
Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26
Summary
The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (Joomla's site configuration, which holds the database credentials) — or any other file readable by the web user, including `../../../etc/passwd` — into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:42:56.836321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:43:28.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user \u2014 including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint."
}
],
"value": "The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user \u2014 including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:37:04.294Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48944",
"datePublished": "2026-06-25T15:24:45.138Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:37:04.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48943 (GCVE-0-2026-48943)
Vulnerability from nvd – Published: 2026-06-25 15:22 – Updated: 2026-06-28 18:35
Title
Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26
Summary
K2 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table — none of which are exposed by the K2 frontend profile-edit form. Because CVE-2026-48942 (below) renders `#__k2_users.image` into HTML without escaping, this gives any Registered user a stored-XSS primitive. Two record inconsistencies to be aware of: the original summary text says "K2 ≤ 2.24" while the title and affected-version entry say "< 2.26" / 1.0-2.26 (assume the wider range), and the CISA ADP vector scores PR:N although a Registered account is required.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes — i.e. mass-assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:46:02.531914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:46:31.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "K2 \u2264 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table \u2014 none of which are exposed by the K2 frontend profile-edit form."
}
],
"value": "K2 \u2264 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table \u2014 none of which are exposed by the K2 frontend profile-edit form."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes \u2014 i.e. mass-assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:35:03.388Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48943",
"datePublished": "2026-06-25T15:22:50.562Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:35:03.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48942 (GCVE-0-2026-48942)
Vulnerability from nvd – Published: 2026-06-25 15:23 – Updated: 2026-06-28 18:29
Title
Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26
Summary
K2 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping. The `image` column is not writable through the normal K2 profile form, but CVE-2026-48943 (above) lets any Registered user set it via mass-assignment, which is the practical injection path. The original summary says "≤ 2.26" while the title says "< 2.26" and the affected entry says 1.0-2.26 — confirm with the vendor whether 2.26 is fixed.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T15:52:10.335054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T15:52:26.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "K2 \u2264 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping."
}
],
"value": "K2 \u2264 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:29:05.078Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48942",
"datePublished": "2026-06-25T15:23:38.156Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:29:05.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48941 (GCVE-0-2026-48941)
Vulnerability from nvd – Published: 2026-06-25 15:25 – Updated: 2026-06-28 18:38
Title
Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26
Summary
The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`. Any unauthenticated request can therefore delete gallery folders (data loss); the record does not state whether the parameter is confined to that directory or whether `..` sequences allow deletion outside it, so treat the blast radius as unconfirmed.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:51:08.132365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:51:16.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`"
}
],
"value": "The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorisation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:38:20.470Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48941",
"datePublished": "2026-06-25T15:25:58.533Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:38:20.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48940 (GCVE-0-2026-48940)
Vulnerability from nvd – Published: 2026-06-25 15:26 – Updated: 2026-06-28 18:38
Title
Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26
Summary
A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.
Severity
3.4 (Low) per the CISA ADP vector below, which scores PR:H — note that the summary requires only Author-tier "create item" rights, so the privilege level is arguably PR:L and the score a lower bound.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:47:21.595982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:47:31.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Joomla user with K2 \"create item\" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `\u003cscript\u003e` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page."
}
],
"value": "A Joomla user with K2 \"create item\" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `\u003cscript\u003e` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:38:46.748Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48940",
"datePublished": "2026-06-25T15:26:27.174Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:38:46.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-19634 (GCVE-0-2019-19634)
Vulnerability from nvd – Published: 2019-12-17 17:11 – Updated: 2024-08-05 02:25
Summary
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/verot/class.upload.php/blob/2.… | x_refsource_MISC |
| https://medium.com/%40jra8908/cve-2019-19634-arbi… | x_refsource_MISC |
| https://github.com/jra89/CVE-2019-19634 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T17:13:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"name": "https://github.com/jra89/CVE-2019-19634",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19634",
"datePublished": "2019-12-17T17:11:29.000Z",
"dateReserved": "2019-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:25:12.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19576 (GCVE-0-2019-19576)
Vulnerability from nvd – Published: 2019-12-04 17:33 – Updated: 2024-08-05 02:16
Summary
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://www.verot.net/php_class_upload.htm | x_refsource_MISC |
| https://www.verot.net | x_refsource_MISC |
| https://github.com/verot/class.upload.php/compare… | x_refsource_MISC |
| https://github.com/verot/class.upload.php/commit/… | x_refsource_MISC |
| https://github.com/verot/class.upload.php/compare… | x_refsource_MISC |
| https://github.com/verot/class.upload.php/commit/… | x_refsource_MISC |
| https://github.com/getk2/k2/commit/d1344706c4b74c… | x_refsource_MISC |
| https://github.com/jra89/CVE-2019-19576 | x_refsource_MISC |
| https://medium.com/%40jra8908/cve-2019-19576-e9da… | x_refsource_MISC |
| http://packetstormsecurity.com/files/155577/Verot… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T17:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.verot.net/php_class_upload.htm",
"refsource": "MISC",
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"name": "https://www.verot.net",
"refsource": "MISC",
"url": "https://www.verot.net"
},
{
"name": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"name": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"name": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"name": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"name": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124",
"refsource": "MISC",
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"name": "https://github.com/jra89/CVE-2019-19576",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779"
},
{
"name": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19576",
"datePublished": "2019-12-04T17:33:34.000Z",
"dateReserved": "2019-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:48.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7482 (GCVE-0-2018-7482)
Vulnerability from nvd – Published: 2018-02-28 07:00 – Updated: 2024-11-14 20:51 Disputed
Summary
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.joomlaworks.net/forum/forum-updates-o… | x_refsource_MISC |
| https://exploit-db.com/exploits/44188 | exploit, x_refsource_EXPLOIT-DB |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0"
},
{
"name": "44188",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://exploit-db.com/exploits/44188"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-7482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-24T15:57:19.214988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T20:51:45.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media\u0026task=connector\u0026cmd=file\u0026target=l1_../configuration.php\u0026download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-02T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0"
},
{
"name": "44188",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://exploit-db.com/exploits/44188"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media\u0026task=connector\u0026cmd=file\u0026target=l1_../configuration.php\u0026download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0",
"refsource": "MISC",
"url": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0"
},
{
"name": "44188",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7482",
"datePublished": "2018-02-28T07:00:00.000Z",
"dateReserved": "2018-02-25T00:00:00.000Z",
"dateUpdated": "2024-11-14T20:51:45.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0696 (GCVE-0-2010-0696)
Vulnerability from nvd – Published: 2010-02-23 18:00 – Updated: 2024-08-07 00:59
Summary
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/62331 | vdb-entry, x_refsource_OSVDB |
| http://www.joomlaworks.gr/content/view/77/34/ | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/11447 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/38238 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/38587 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2010-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62331",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62331"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomlaworks.gr/content/view/77/34/"
},
{
"name": "11447",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11447"
},
{
"name": "38238",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38238"
},
{
"name": "38587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62331",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62331"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomlaworks.gr/content/view/77/34/"
},
{
"name": "11447",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11447"
},
{
"name": "38238",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38238"
},
{
"name": "38587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38587"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62331",
"refsource": "OSVDB",
"url": "http://osvdb.org/62331"
},
{
"name": "http://www.joomlaworks.gr/content/view/77/34/",
"refsource": "CONFIRM",
"url": "http://www.joomlaworks.gr/content/view/77/34/"
},
{
"name": "11447",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11447"
},
{
"name": "38238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38238"
},
{
"name": "38587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38587"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0696",
"datePublished": "2010-02-23T18:00:00.000Z",
"dateReserved": "2010-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2395 (GCVE-0-2009-2395)
Vulnerability from nvd – Published: 2009-07-09 16:00 – Updated: 2024-08-07 05:52
Summary
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35517 | vdb-entry, x_refsource_BID |
| http://www.exploit-db.com/exploits/9030 | exploit, x_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2009/1733 | vdb-entry, x_refsource_VUPEN |
Date Public
2009-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35517"
},
{
"name": "9030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9030"
},
{
"name": "ADV-2009-1733",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35517"
},
{
"name": "9030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9030"
},
{
"name": "ADV-2009-1733",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35517"
},
{
"name": "9030",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9030"
},
{
"name": "ADV-2009-1733",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2395",
"datePublished": "2009-07-09T16:00:00.000Z",
"dateReserved": "2009-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-48945 (GCVE-0-2026-48945)
Vulnerability from cvelistv5 – Published: 2026-06-25 15:26 – Updated: 2026-06-28 18:39
Title
Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26
Summary
The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload via archive extraction
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:45:48.959013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:45:53.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/\u003cid\u003e/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names \u2014 non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access."
}
],
"value": "The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/\u003cid\u003e/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names \u2014 non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload via archive extraction",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:39:05.415Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48945",
"datePublished": "2026-06-25T15:26:48.917Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:39:05.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48940 (GCVE-0-2026-48940)
Vulnerability from cvelistv5 – Published: 2026-06-25 15:26 – Updated: 2026-06-28 18:38
Title
Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26
Summary
A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:47:21.595982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:47:31.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Joomla user with K2 \"create item\" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `\u003cscript\u003e` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page."
}
],
"value": "A Joomla user with K2 \"create item\" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `\u003cscript\u003e` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:38:46.748Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48940",
"datePublished": "2026-06-25T15:26:27.174Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:38:46.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48941 (GCVE-0-2026-48941)
Vulnerability from cvelistv5 – Published: 2026-06-25 15:25 – Updated: 2026-06-28 18:38
Title
Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26
Summary
The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorisation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:51:08.132365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:51:16.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`"
}
],
"value": "The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorisation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:38:20.470Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48941",
"datePublished": "2026-06-25T15:25:58.533Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:38:20.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48946 (GCVE-0-2026-48946)
Vulnerability from cvelistv5 – Published: 2026-06-25 15:25 – Updated: 2026-06-28 18:37
Title
Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla < 2.26
Summary
The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server's context.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T03:55:55.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache\u0027s standard mod_php matches `\\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server\u0027s context."
}
],
"value": "The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache\u0027s standard mod_php matches `\\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server\u0027s context."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:37:50.059Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Privileged RCE vulnerability in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48946",
"datePublished": "2026-06-25T15:25:28.947Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:37:50.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48944 (GCVE-0-2026-48944)
Vulnerability from cvelistv5 – Published: 2026-06-25 15:24 – Updated: 2026-06-28 18:37
Title
Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla < 2.26
Summary
The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user — including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:42:56.836321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:43:28.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user \u2014 including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint."
}
],
"value": "The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user \u2014 including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:37:04.294Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Exposure of sensitive files via attachment copy in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48944",
"datePublished": "2026-06-25T15:24:45.138Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:37:04.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48942 (GCVE-0-2026-48942)
Vulnerability from cvelistv5 – Published: 2026-06-25 15:23 – Updated: 2026-06-28 18:29
Title
Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26
Summary
K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T15:52:10.335054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T15:52:26.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "K2 \u2264 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping."
}
],
"value": "K2 \u2264 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:29:05.078Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48942",
"datePublished": "2026-06-25T15:23:38.156Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:29:05.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48943 (GCVE-0-2026-48943)
Vulnerability from cvelistv5 – Published: 2026-06-25 15:22 – Updated: 2026-06-28 18:35
Title
Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla < 2.26
Summary
K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table — none of which are exposed by the K2 frontend profile-edit form.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes — i.e. mass-assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.getk2.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getk2.org | K2 extension for Joomla |
Affected:
1.0-2.26
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T18:46:02.531914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T18:46:31.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "K2 extension for Joomla",
"vendor": "getk2.org",
"versions": [
{
"status": "affected",
"version": "1.0-2.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matan Bahar"
},
{
"lang": "en",
"type": "finder",
"value": "Niv Kochan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "K2 \u2264 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table \u2014 none of which are exposed by the K2 frontend profile-edit form."
}
],
"value": "K2 \u2264 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table \u2014 none of which are exposed by the K2 frontend profile-edit form."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes \u2014 i.e. mass-assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-28T18:35:03.388Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.getk2.org/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Joomla Extension - getk2.org - Authenticated user property mass-assignment in K2 extension for Joomla \u003c 2.26",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2026-48943",
"datePublished": "2026-06-25T15:22:50.562Z",
"dateReserved": "2026-05-26T16:47:13.550Z",
"dateUpdated": "2026-06-28T18:35:03.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-19634 (GCVE-0-2019-19634)
Vulnerability from cvelistv5 – Published: 2019-12-17 17:11 – Updated: 2024-08-05 02:25
Summary
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/verot/class.upload.php/blob/2.… | x_refsource_MISC |
| https://medium.com/%40jra8908/cve-2019-19634-arbi… | x_refsource_MISC |
| https://github.com/jra89/CVE-2019-19634 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T17:13:41.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"name": "https://github.com/jra89/CVE-2019-19634",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19634",
"datePublished": "2019-12-17T17:11:29.000Z",
"dateReserved": "2019-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:25:12.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19576 (GCVE-0-2019-19576)
Vulnerability from cvelistv5 – Published: 2019-12-04 17:33 – Updated: 2024-08-05 02:16
Summary
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://www.verot.net/php_class_upload.htm | x_refsource_MISC |
| https://www.verot.net | x_refsource_MISC |
| https://github.com/verot/class.upload.php/compare… | x_refsource_MISC |
| https://github.com/verot/class.upload.php/commit/… | x_refsource_MISC |
| https://github.com/verot/class.upload.php/compare… | x_refsource_MISC |
| https://github.com/verot/class.upload.php/commit/… | x_refsource_MISC |
| https://github.com/getk2/k2/commit/d1344706c4b74c… | x_refsource_MISC |
| https://github.com/jra89/CVE-2019-19576 | x_refsource_MISC |
| https://medium.com/%40jra8908/cve-2019-19576-e9da… | x_refsource_MISC |
| http://packetstormsecurity.com/files/155577/Verot… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T17:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.verot.net/php_class_upload.htm",
"refsource": "MISC",
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"name": "https://www.verot.net",
"refsource": "MISC",
"url": "https://www.verot.net"
},
{
"name": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"name": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"name": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"name": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"name": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124",
"refsource": "MISC",
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"name": "https://github.com/jra89/CVE-2019-19576",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779"
},
{
"name": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19576",
"datePublished": "2019-12-04T17:33:34.000Z",
"dateReserved": "2019-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:48.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7482 (GCVE-0-2018-7482)
Vulnerability from cvelistv5 – Published: 2018-02-28 07:00 – Updated: 2024-11-14 20:51 Disputed
Summary
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.joomlaworks.net/forum/forum-updates-o… | x_refsource_MISC |
| https://exploit-db.com/exploits/44188 | exploit, x_refsource_EXPLOIT-DB |
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0"
},
{
"name": "44188",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://exploit-db.com/exploits/44188"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-7482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-24T15:57:19.214988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T20:51:45.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media\u0026task=connector\u0026cmd=file\u0026target=l1_../configuration.php\u0026download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-02T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0"
},
{
"name": "44188",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://exploit-db.com/exploits/44188"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media\u0026task=connector\u0026cmd=file\u0026target=l1_../configuration.php\u0026download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0",
"refsource": "MISC",
"url": "https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0"
},
{
"name": "44188",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7482",
"datePublished": "2018-02-28T07:00:00.000Z",
"dateReserved": "2018-02-25T00:00:00.000Z",
"dateUpdated": "2024-11-14T20:51:45.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0696 (GCVE-0-2010-0696)
Vulnerability from cvelistv5 – Published: 2010-02-23 18:00 – Updated: 2024-08-07 00:59
Summary
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/62331 | vdb-entry, x_refsource_OSVDB |
| http://www.joomlaworks.gr/content/view/77/34/ | x_refsource_CONFIRM |
| http://www.exploit-db.com/exploits/11447 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/38238 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/38587 | third-party-advisory, x_refsource_SECUNIA |
Date Public
2010-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62331",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62331"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.joomlaworks.gr/content/view/77/34/"
},
{
"name": "11447",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11447"
},
{
"name": "38238",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38238"
},
{
"name": "38587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62331",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62331"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.joomlaworks.gr/content/view/77/34/"
},
{
"name": "11447",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11447"
},
{
"name": "38238",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38238"
},
{
"name": "38587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38587"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62331",
"refsource": "OSVDB",
"url": "http://osvdb.org/62331"
},
{
"name": "http://www.joomlaworks.gr/content/view/77/34/",
"refsource": "CONFIRM",
"url": "http://www.joomlaworks.gr/content/view/77/34/"
},
{
"name": "11447",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11447"
},
{
"name": "38238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38238"
},
{
"name": "38587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38587"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0696",
"datePublished": "2010-02-23T18:00:00.000Z",
"dateReserved": "2010-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2395 (GCVE-0-2009-2395)
Vulnerability from cvelistv5 – Published: 2009-07-09 16:00 – Updated: 2024-08-07 05:52
Summary
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35517 | vdb-entry, x_refsource_BID |
| http://www.exploit-db.com/exploits/9030 | exploit, x_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2009/1733 | vdb-entry, x_refsource_VUPEN |
Date Public
2009-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35517"
},
{
"name": "9030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9030"
},
{
"name": "ADV-2009-1733",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35517"
},
{
"name": "9030",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9030"
},
{
"name": "ADV-2009-1733",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35517"
},
{
"name": "9030",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9030"
},
{
"name": "ADV-2009-1733",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2395",
"datePublished": "2009-07-09T16:00:00.000Z",
"dateReserved": "2009-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:52:14.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}