CVE-2009-2395

Name of the Vulnerable Software and Affected Versions Joomla! K2 (com k2) component version 1.0.1 Beta and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the category parameter in an itemlist action to "index.php".

Recommendations For K2 (com k2) component version 1.0.1 Beta and earlier, update to a version later than 1.0.1 Beta to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint for the itemlist action until a patch is available. Avoid using the category parameter in the affected API endpoint until the issue is resolved.