CVE-2009-2395
NONE EPSS 85.9%
Published Jul 9, 200916y ago · Modified Jun 16, 20262w ago
Published Jul 9, 2009 16y ago
Last Modified Jun 16, 2026 2w ago
Description
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
Threat Intelligence
EPSS Exploit Probability
85.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-89 SQL Injection Injection
Affected Products 2
| Vendor | Product | Version | Range |
|---|---|---|---|
| joomlaworks | com_k2 | * | ≤1.0.1 |
| joomla | joomla\! | * | any |
References 3
- exploit-db.com http://www.exploit-db.com/exploits/9030
- securityfocus.com http://www.securityfocus.com/bid/35517
- vupen.com http://www.vupen.com/english/advisories/2009/1733
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.