CVE-2015-7299

CVE-2015-7299

EPSS 2.3%

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/133953/K2-SmartForms-BlackPearl-SQL-Injection.html http://www.securityfocus.com/archive/1/536673/100/0/threaded