Published: 28/02/2018 Updated: 11/04/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an malicious user to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads

Vulnerable Product	Search on Vulmon	Subscribe to Product
joomlaworks k2 2.8.0

Joomla! K2 component version 280 suffers from an arbitrary file download vulnerability ...

CWE-22 https://exploit-db.com/exploits/44188 https://www.joomlaworks.net/forum/forum-updates-other-resources/49046-false-cve-report-on-k2-v2-8-0 https://nvd.nist.gov https://packetstormsecurity.com/files/146594/Joomla-K2-2.8.0-Arbitrary-File-Download.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-7482

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect