Impact
The K2 frontend item.checkin task exposes an unauthenticated sigProFolder query parameter that is used directly as a target for JFolder::delete() under the /media/k2/galleries directory. When an attacker supplies a path value, the application deletes that folder and all its contents. Loss of media assets can break galleries, themes, or other site functionality, causing data loss and reduced availability.
Affected Systems
This vulnerability affects the K2 extension for Joomla provided by getk2.com, for all deployment versions earlier than 2.26. Any Joomla site that has the K2 extension installed with the item.checkin task enabled and the root directory set to /media/k2/galleries is at risk.
Risk and Exploitability
Because authentication is not required, an attacker can craft a simple HTTP request including a sigProFolder parameter pointing to any folder under /media/k2/galleries. The exploit is remotely feasible, requiring no privileged access, and the CVSS score of 6.5 indicates medium severity. The vulnerability is not listed in CISA’s KEV catalog and no EPSS score is available.
OpenCVE Enrichment