CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
References
Link Resource
http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 Patch Third Party Advisory
https://github.com/jra89/CVE-2019-19576 Exploit Third Party Advisory
https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1 Patch Third Party Advisory
https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2 Patch Third Party Advisory
https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3 Patch Third Party Advisory
https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4 Patch Third Party Advisory
https://medium.com/%40jra8908/cve-2019-19576-e9da712b779
https://www.verot.net Product
https://www.verot.net/php_class_upload.htm Vendor Advisory
http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 Patch Third Party Advisory
https://github.com/jra89/CVE-2019-19576 Exploit Third Party Advisory
https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1 Patch Third Party Advisory
https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2 Patch Third Party Advisory
https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3 Patch Third Party Advisory
https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4 Patch Third Party Advisory
https://medium.com/%40jra8908/cve-2019-19576-e9da712b779
https://www.verot.net Product
https://www.verot.net/php_class_upload.htm Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*
cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:getk2:k2:*:*:*:*:*:joomla\!:*:*

History

21 Nov 2024, 04:34

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 - Patch, Third Party Advisory () https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 - Patch, Third Party Advisory
References () https://github.com/jra89/CVE-2019-19576 - Exploit, Third Party Advisory () https://github.com/jra89/CVE-2019-19576 - Exploit, Third Party Advisory
References () https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1 - Patch, Third Party Advisory () https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1 - Patch, Third Party Advisory
References () https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2 - Patch, Third Party Advisory () https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2 - Patch, Third Party Advisory
References () https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3 - Patch, Third Party Advisory () https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3 - Patch, Third Party Advisory
References () https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4 - Patch, Third Party Advisory () https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4 - Patch, Third Party Advisory
References () https://medium.com/%40jra8908/cve-2019-19576-e9da712b779 - () https://medium.com/%40jra8908/cve-2019-19576-e9da712b779 -
References () https://www.verot.net - Product () https://www.verot.net - Product
References () https://www.verot.net/php_class_upload.htm - Vendor Advisory () https://www.verot.net/php_class_upload.htm - Vendor Advisory

Information

Published : 2019-12-04 18:15

Updated : 2024-11-21 04:34


NVD link : CVE-2019-19576

Mitre link : CVE-2019-19576

CVE.ORG link : CVE-2019-19576


JSON object : View

Products Affected

verot_project

  • verot

getk2

  • k2
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type