Vulnerability Description
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nintex | K2 Blackpearl | 4.6.7 |
| Nintex | K2 For Sharepoint | 4.6.7 |
| Nintex | K2 Smartforms | 4.6.7 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133953/K2-SmartForms-BlackPearl-SQL-Injecti (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/536673/100/0/threaded (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-7299?
CVE-2015-7299 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.
How severe is CVE-2015-7299?
CVE-2015-7299 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-7299?
Check the references section above for vendor advisories and patch information. Affected products include: Nintex K2 Blackpearl, Nintex K2 For Sharepoint, Nintex K2 Smartforms.