verot/class.upload.php

GitHub

github.com

www.verot.net

Releases30

Frequency1 month 3 weeks

Last Release over 2 years ago

Stars881

This PHP class uploads files and manipulates images very easily. It is in fact as much as an image processing class than it is an upload class. Compatible with PHP 4, 5, 7 and 8. Supports processing of local files, uploaded files, files sent through XMLHttpRequest.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-19634 ↗	Dec 17, 2019Tuesday, 17 December 2019, 18:15	9.8 CRITICAL	7.5 HIGH
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
CVE-2019-19576 ↗	Dec 4, 2019Wednesday, 4 December 2019, 18:15	9.8 CRITICAL	7.5 HIGH
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.