SQL Injection Vulnerability in K2 Blackpearl, Smartforms, and K2 for SharePoint 4.6.7 via AjaxCall.ashx

SQL Injection Vulnerability in K2 Blackpearl, Smartforms, and K2 for SharePoint 4.6.7 via AjaxCall.ashx

CVE-2015-7299 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sharepoint.