class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 | Patch Third Party Advisory |
https://github.com/jra89/CVE-2019-19576 | Exploit Third Party Advisory |
https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1 | Patch Third Party Advisory |
https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2 | Patch Third Party Advisory |
https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3 | Patch Third Party Advisory |
https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4 | Patch Third Party Advisory |
https://medium.com/%40jra8908/cve-2019-19576-e9da712b779 | |
https://www.verot.net | Product |
https://www.verot.net/php_class_upload.htm | Vendor Advisory |
Configurations
History
07 Nov 2023, 03:07
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-12-04 18:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-19576
Mitre link : CVE-2019-19576
CVE.ORG link : CVE-2019-19576
JSON object : View
Products Affected
getk2
- k2
verot_project
- verot
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type