Vulnerabilities > Joomlaworks

DATE CVE VULNERABILITY TITLE RISK
2018-02-28 CVE-2018-7482 Path Traversal vulnerability in Joomlaworks K2 2.8.0
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request.
network
low complexity
joomlaworks CWE-22
7.5
2010-02-23 CVE-2010-0696 Path Traversal vulnerability in Joomlaworks JW Allvideos 3.0/3.1/3.2
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
network
low complexity
joomlaworks joomla CWE-22
5.0
2009-07-09 CVE-2009-2395 SQL Injection vulnerability in Joomlaworks COM K2
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
network
low complexity
joomlaworks joomla CWE-89
7.5