SQL Injection Vulnerability in K2 Blackpearl, Smartforms, and K2 for SharePoint 4.6.7 via AjaxCall.ashx
CVE-2015-7299 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.
Learn more about our Cis Benchmark Audit For Microsoft Sharepoint.