Vulnerability Name:

CVE-2009-2395 (CCN-51414)

Assigned:2009-06-29
Published:2009-06-29
Updated:2017-09-19
Summary:SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
7.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
7.1 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-89
Vulnerability Consequences:Data Manipulation
References:Source: MITRE
Type: CNA
CVE-2009-2395

Source: CCN
Type: Joomla! Web site
K2 component for Joomla!

Source: EXPLOIT-DB
Type: UNKNOWN
9030

Source: CCN
Type: OSVDB ID: 55759
K2 Component for Joomla! index.php category Parameter SQL Injection

Source: BID
Type: Exploit
35517

Source: CCN
Type: BID-35517
Joomla! K2 Component 'category' Parameter SQL Injection Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1733

Source: XF
Type: UNKNOWN
k2-index-sql-injection(51414)

Source: SUSE
Type: SUSE-SA:2009:041
flash player remote code execution problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:joomlaworks:com_k2:*:beta:*:*:*:*:*:* (Version <= 1.0.1)
  • AND
  • cpe:/a:joomla:joomla!:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:52002
    P
    Security update for haproxy (Critical)
    2023-02-14
    oval:org.opensuse.security:def:51934
    P
    Security update for python3 (Important)
    2022-10-06
    oval:org.opensuse.security:def:5302
    P
    Security update for postgresql12 (Important) (in QA)
    2022-08-31
    oval:org.opensuse.security:def:5335
    P
    Security update for postgresql10 (Important)
    2022-08-26
    oval:org.opensuse.security:def:5277
    P
    Security update for the Linux Kernel (Important)
    2022-06-20
    oval:org.opensuse.security:def:20092395
    V
    CVE-2009-2395
    2022-05-20
    oval:org.opensuse.security:def:6026
    P
    Security update for xen (Moderate)
    2022-05-03
    oval:org.opensuse.security:def:5366
    P
    Security update for flac (Moderate)
    2022-03-14
    oval:org.opensuse.security:def:5353
    P
    Security update for php72 (Moderate)
    2022-02-25
    oval:org.opensuse.security:def:5344
    P
    Security update for xen (Important)
    2022-02-17
    oval:org.opensuse.security:def:6004
    P
    Security update for MozillaFirefox (Important)
    2022-01-18
    oval:org.opensuse.security:def:10711
    P
    Security update for MozillaThunderbird (Important)
    2022-01-12
    oval:org.opensuse.security:def:51768
    P
    Security update for apache2 (Important)
    2022-01-12
    oval:org.opensuse.security:def:5168
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:10663
    P
    Security update for ffmpeg (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:5132
    P
    Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:5121
    P
    Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:51662
    P
    Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)
    2021-09-23
    oval:org.opensuse.security:def:5119
    P
    Security update for MozillaFirefox (Important)
    2021-09-22
    oval:org.opensuse.security:def:5110
    P
    Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:10692
    P
    Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:5101
    P
    Security update for openexr (Important)
    2021-09-02
    oval:org.opensuse.security:def:5792
    P
    Security update for apache-commons-compress (Important)
    2021-08-05
    oval:org.opensuse.security:def:5770
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:5075
    P
    Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:5068
    P
    Security update for libgcrypt (Important)
    2021-06-24
    oval:org.opensuse.security:def:11487
    P
    zoo-2.10-1020.62 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11513
    P
    cups-pk-helper-0.2.5-3.75 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:76830
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17001
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11535
    P
    freerdp-1.0.2-7.9 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10644
    P
    Security update for the Linux Kernel (Important)
    2021-06-08
    oval:org.opensuse.security:def:48670
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17049
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48718
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11300
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11465
    P
    sysvinit-tools-2.88+-94.13 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:76596
    P
    flash-player-11.2.202.406-1.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11534
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:5053
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:10677
    P
    Security update for MozillaThunderbird (Moderate)
    2021-06-04
    oval:org.opensuse.security:def:51896
    P
    Security update for djvulibre (Important)
    2021-05-31
    oval:org.opensuse.security:def:5045
    P
    Security update for postgresql10 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:5043
    P
    Security update for curl (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:38122
    P
    Security update for djvulibre (Important)
    2021-05-19
    oval:org.opensuse.security:def:38103
    P
    Security update for clamav (Important)
    2021-04-14
    oval:org.opensuse.security:def:5202
    P
    Security update for openssl-1_1 (Important)
    2021-03-25
    oval:org.opensuse.security:def:5183
    P
    Security update for ImageMagick (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:51723
    P
    Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:51485
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:4968
    P
    Security update for PackageKit (Low)
    2020-12-22
    oval:org.opensuse.security:def:51088
    P
    Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP2) (Important)
    2020-12-07
    oval:org.opensuse.security:def:51089
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)
    2020-12-07
    oval:org.opensuse.security:def:10584
    P
    Security update for MozillaThunderbird (Important)
    2020-12-07
    oval:org.opensuse.security:def:4841
    P
    Security update for 389-ds (Important)
    2020-12-02
    oval:org.opensuse.security:def:4887
    P
    Security update for xen (Important)
    2020-12-02
    oval:org.opensuse.security:def:4811
    P
    Security update for apache2 (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:4934
    P
    Security update for libvirt (Important)
    2020-12-02
    oval:org.opensuse.security:def:4819
    P
    Security update for apache2 (Important)
    2020-12-02
    oval:org.opensuse.security:def:4949
    P
    Security update for spice-gtk (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:10805
    P
    libunrar-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37307
    P
    ppc64-diag on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10629
    P
    augeas-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10763
    P
    libneon-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52612
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:10630
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:10786
    P
    librsvg-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52765
    P
    Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:51251
    P
    Security update for djvulibre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38094
    P
    wpa_supplicant on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38846
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51345
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38852
    P
    gnome-shell-calendar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37308
    P
    ppp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37640
    P
    perl-Config-IniFiles on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38006
    P
    mozilla-nspr-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10554
    P
    libtiff-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37587
    P
    libspice-server1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37995
    P
    libz1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10814
    P
    libxslt-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10853
    P
    systemtap-sdt-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10514
    P
    libksba-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52419
    P
    Security update for libqt5-qtbase (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53888
    P
    Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37355
    P
    xalan-j2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10811
    P
    libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52846
    P
    Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:51489
    P
    Security update for python3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:52219
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52168
    P
    Security update for java-11-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:38142
    P
    bubblewrap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38894
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37319
    P
    radvd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37697
    P
    update-alternatives on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37356
    P
    xdg-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37688
    P
    sysvinit-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38054
    P
    rrdtool on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10827
    P
    ocaml on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10862
    P
    xfig on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10536
    P
    libraptor-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52493
    P
    Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53962
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10562
    P
    libwmf-0_2-7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52653
    P
    Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54122
    P
    squashfs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52327
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:38166
    P
    dbus-1-glib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52453
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38170
    P
    dovecot22 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37403
    P
    cracklib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37787
    P
    ft2demos on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37367
    P
    yast2-core on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37745
    P
    busybox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51322
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:10875
    P
    aaa_base-malloccheck on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10582
    P
    pam-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10738
    P
    libgnutls-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52531
    P
    Security update for munge (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52727
    P
    Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54196
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51111
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38055
    P
    rsync on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38804
    P
    sudo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51323
    P
    Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52561
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:38214
    P
    gv on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10506
    P
    libidn-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37539
    P
    libjbig2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37947
    P
    libpulse-mainloop-glib0-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37451
    P
    grub2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37835
    P
    krb5-appl-clients on GA media (Moderate)
    2020-12-01
    BACK
    joomlaworks com k2 * beta
    joomla joomla! *