Joomla plugin K2 RCE via CSRF or WCI

Posted by Anti Räis on Nov 20

K2 RCE via CSRF or WCI
######################

Information
===========

Name: K2 Joomla! Extension 2.5.0 – 2.7.1
Software: K2
Platform: Joomla 3.6.2
Homepage: https://getk2.org/, http://extensions.joomla.org/extension/k2
Vulnerability: RCE, arbitrary file upload, missing CSRF protection
Prerequisites: victim has to be an authenticated user with the administrator role
CVE: pending

Credit: Anti Räis
HTML version:…
