k2 vulnerabilities and exploits
NA
CVE-2015-7299
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote malicious users to execute arbitrary SQL commands via the xml parameter.
Nintex K2 Blackpearl 4.6.7
Nintex K2 For Sharepoint 4.6.7
Nintex K2 Smartforms 4.6.7
7.5
CVSSv3
CVE-2018-7482
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing a malicious user to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specifi...
Joomlaworks K2 2.8.0
6.5
CVSSv3
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
K2 Smartforms 4.6.11
9.8
CVSSv3
CVE-2017-11495
PHICOMM K2(PSG1218) devices V22.5.11.5 and previous versions allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
Phicomm K2(psg1218)-firmware
8.8
CVSSv3
CVE-2019-19117
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
Phicomm K2(psg1218) Firmware 22.5.9.163
9.8
CVSSv3
CVE-2019-19634
class.upload.php in verot.net class.upload up to and including 1.0.3 and 2.x up to and including 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Verot Project Verot
Getk2 K2
1 Github repository
9.8
CVSSv3
CVE-2019-19576
class.upload.php in verot.net class.upload prior to 1.0.3 and 2.x prior to 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Verot Project Verot
Getk2 K2
1 EDB exploit
1 Github repository
NA
CVE-2009-2395
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and previous versions for Joomla! allows remote malicious users to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
Joomlaworks Com K2
1 EDB exploit
7.5
CVSSv3
CVE-2022-48071
Phicomm K2 v22.6.534.263 stores the root and admin passwords in plaintext.
Phicomm K2 Firmware 22.6.534.263
7.8
CVSSv3
CVE-2023-40796
Phicomm K2 v22.6.529.216 contains a command injection vulnerability via the function luci.sys.call.
Phicomm K2 Firmware 22.6.529.216