CVE-2015-7299

NONE EPSS 81.2%
Published Oct 21, 201510y ago · Modified Jun 17, 20262w ago
Find Similar
Published Oct 21, 2015 10y ago
Last Modified Jun 17, 2026 2w ago

Description

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.

Threat Intelligence

EPSS Exploit Probability
81.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 3

VendorProductVersionRange
nintexk2_blackpearl4.6.7any
nintexk2_for_sharepoint4.6.7any
nintexk2_smartforms4.6.7any

References 2

  • packetstormsecurity.com http://packetstormsecurity.com/files/133953/K2-SmartForms-BlackPearl-SQL-Injection.html
    ExploitThird Party AdvisoryVDB Entry
  • securityfocus.com http://www.securityfocus.com/archive/1/536673/100/0/threaded
    Third Party AdvisoryVDB Entry

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.