Vulnerabilities (CVE)

Filtered by vendor Getk2 Subscribe
Filtered by product K2
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19634 2 Getk2, Verot Project 2 K2, Verot 2024-11-21 7.5 HIGH 9.8 CRITICAL
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
CVE-2019-19576 2 Getk2, Verot Project 2 K2, Verot 2024-11-21 7.5 HIGH 9.8 CRITICAL
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.