Critical severityNVD Advisory· Published Dec 4, 2019· Updated Aug 5, 2024
CVE-2019-19576
CVE-2019-19576
Description
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
verot/class.upload.phpPackagist | < 1.0.3 | 1.0.3 |
verot/class.upload.phpPackagist | >= 2.0.0, < 2.0.4 | 2.0.4 |
Affected products
2- verot.net/class.uploaddescription
Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-r5gm-4p5w-pq2pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-19576ghsaADVISORY
- packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.htmlghsax_refsource_MISCWEB
- github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124ghsax_refsource_MISCWEB
- github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1ghsax_refsource_MISCWEB
- github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2ghsax_refsource_MISCWEB
- github.com/verot/class.upload.php/compare/1.0.2...1.0.3ghsax_refsource_MISCWEB
- github.com/verot/class.upload.php/compare/2.0.3...2.0.4ghsax_refsource_MISCWEB
- medium.com/%40jra8908/cve-2019-19576-e9da712b779mitrex_refsource_MISC
- medium.com/@jra8908/cve-2019-19576-e9da712b779ghsaWEB
- www.verot.netghsax_refsource_MISCWEB
- www.verot.net/php_class_upload.htmghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.