CVE-2009-2395 – Joomla! Component com_K2 -q 1.0.1b - 'category' SQL Injection

https://notcve.org/view.php?id=CVE-2009-2395

SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. Vulnerabilidad de inyección de SQL en el componente K2 (com_k2) v1.0.1 beta y anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro categoría (category)en una acción itemlist a index.php. • https://www.exploit-db.com/exploits/9030 http://www.exploit-db.com/exploits/9030 http://www.securityfocus.com/bid/35517 http://www.vupen.com/english/advisories/2009/1733 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •