k2 vulnerabilities and exploits
7.5
CVSSv2
CVE-2015-7299
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote malicious users to execute arbitrary SQL commands via the xml parameter.
Nintex K2 Blackpearl 4.6.7
Nintex K2 For Sharepoint 4.6.7
Nintex K2 Smartforms 4.6.7
5
CVSSv2
CVE-2018-7482
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing a malicious user to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specifi...
Joomlaworks K2 2.8.0
6.4
CVSSv2
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
K2 Smartforms 4.6.11
9
CVSSv2
CVE-2017-11495
PHICOMM K2(PSG1218) devices V22.5.11.5 and previous versions allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
Phicomm K2(psg1218)-firmware
7.5
CVSSv2
CVE-2019-19634
class.upload.php in verot.net class.upload up to and including 1.0.3 and 2.x up to and including 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Verot Project Verot
Getk2 K2
1 GitHub repository
7.5
CVSSv2
CVE-2019-19576
class.upload.php in verot.net class.upload prior to 1.0.3 and 2.x prior to 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Verot Project Verot
Getk2 K2
1 EDB exploit
1 GitHub repository
9
CVSSv2
CVE-2019-19117
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
Phicomm K2(psg1218) Firmware 22.5.9.163
7.5
CVSSv2
CVE-2009-2395
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and previous versions for Joomla! allows remote malicious users to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
Joomlaworks Com K2
1 EDB exploit
NA
CVE-2022-48071
Phicomm K2 v22.6.534.263 stores the root and admin passwords in plaintext.
Phicomm K2 Firmware 22.6.534.263
NA
CVE-2023-40796
Phicomm K2 v22.6.529.216 contains a command injection vulnerability via the function luci.sys.call.
Phicomm K2 Firmware 22.6.529.216