class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
References
Configurations
History
21 Nov 2024, 04:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 - Patch, Third Party Advisory | |
References | () https://github.com/jra89/CVE-2019-19576 - Exploit, Third Party Advisory | |
References | () https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1 - Patch, Third Party Advisory | |
References | () https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2 - Patch, Third Party Advisory | |
References | () https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3 - Patch, Third Party Advisory | |
References | () https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4 - Patch, Third Party Advisory | |
References | () https://medium.com/%40jra8908/cve-2019-19576-e9da712b779 - | |
References | () https://www.verot.net - Product | |
References | () https://www.verot.net/php_class_upload.htm - Vendor Advisory |
Information
Published : 2019-12-04 18:15
Updated : 2024-11-21 04:34
NVD link : CVE-2019-19576
Mitre link : CVE-2019-19576
CVE.ORG link : CVE-2019-19576
JSON object : View
Products Affected
verot_project
- verot
getk2
- k2
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type