CVE-2019-19576

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
3
PROJECTS

Description

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.

verot/class.upload.php
verot/class.upload.php
This PHP class uploads files and manipulates images very easily. It is in fact as much as an image processing class than it is an upload class. Compatible with PHP 4, 5, 7 and 8. Supports processing of local files, uploaded files, files sent through XMLHttpRequest.
GitHubGitHub
881
getk2/k2
getk2/k2
K2 - the powerful content extension for Joomla
GitHubGitHub
138
jra89/CVE-2019-19576
jra89/CVE-2019-19576
This is a filter bypass exploit that results in arbitrary file upload and remote code execution in class.upload.php <= 2.0.3
GitHubGitHub
12