|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2026-48946 | Medium | Jun 25, 2026 | The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes the more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2026-48945 | Medium | Jun 25, 2026 | The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries//`, and only renames image files (gif/jpg/jpeg/png more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2026-48944 | Medium | Jun 25, 2026 | The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2026-48943 | Medium | Jun 25, 2026 | K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2026-48942 | Medium | Jun 25, 2026 | K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping. |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2026-48941 | Medium | Jun 25, 2026 | The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` cal more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2026-48940 | Low | Jun 25, 2026 | A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `` tag; K2 store more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2019-19634 | Critical | Dec 17, 2019 | class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|
|
| CVE-2019-19576 | Critical | Dec 04, 2019 | class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar f more... |
2.9.0, v2.8.0, v2.7.1, v2.7.0, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4
|