CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*
cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:getk2:k2:*:*:*:*:*:joomla\!:*:*

History

21 Nov 2024, 04:35

Type Values Removed Values Added
References () https://github.com/jra89/CVE-2019-19634 - Third Party Advisory () https://github.com/jra89/CVE-2019-19634 - Third Party Advisory
References () https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068 - Exploit, Third Party Advisory () https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068 - Exploit, Third Party Advisory
References () https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e - () https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e -

Information

Published : 2019-12-17 18:15

Updated : 2024-11-21 04:35


NVD link : CVE-2019-19634

Mitre link : CVE-2019-19634

CVE.ORG link : CVE-2019-19634


JSON object : View

Products Affected

verot_project

  • verot

getk2

  • k2
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type