Vulnerabilities > Joomlaworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-28 | CVE-2018-7482 | Path Traversal vulnerability in Joomlaworks K2 2.8.0 The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. | 7.5 |
| 2010-02-23 | CVE-2010-0696 | Path Traversal vulnerability in Joomlaworks JW Allvideos 3.0/3.1/3.2 Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. | 5.0 |
| 2009-07-09 | CVE-2009-2395 | SQL Injection vulnerability in Joomlaworks COM K2 SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. | 7.5 |