Vulnerability Details CVE-2019-19576
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.506
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html
- https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124
- https://github.com/jra89/CVE-2019-19576
- https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1
- https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2
- https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3
- https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4
- https://medium.com/%40jra8908/cve-2019-19576-e9da712b779
- https://www.verot.net
- https://www.verot.net/php_class_upload.htm
- http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html
- https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124
- https://github.com/jra89/CVE-2019-19576
- https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1
- https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2
- https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3
- https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4
- https://medium.com/%40jra8908/cve-2019-19576-e9da712b779
- https://www.verot.net
- https://www.verot.net/php_class_upload.htm
Products affected by CVE-2019-19576
-
cpe:2.3:a:getk2:k2:-
-
cpe:2.3:a:getk2:k2:2.10.1
-
cpe:2.3:a:verot_project:verot:1.0.0
-
cpe:2.3:a:verot_project:verot:1.0.1
-
cpe:2.3:a:verot_project:verot:1.0.2
-
cpe:2.3:a:verot_project:verot:2.0.0
-
cpe:2.3:a:verot_project:verot:2.0.1
-
cpe:2.3:a:verot_project:verot:2.0.2
-
cpe:2.3:a:verot_project:verot:2.0.3