CVE-2019-19576
- Source
- https://cve.org/CVERecord?id=CVE-2019-19576
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19576.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-19576
- Aliases
- Published
- 2019-12-04T18:15:16.353Z
- Modified
- 2026-02-15T07:50:35.285574Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
- References
-
- https://medium.com/%40jra8908/cve-2019-19576-e9da712b779
- https://www.verot.net
- http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html
- https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124
- https://github.com/jra89/CVE-2019-19576
- https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1
- https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2
- https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3
- https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4
- https://www.verot.net/php_class_upload.htm
- https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124
- https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1
- https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2
- https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3
- https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4
- http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html
- https://github.com/jra89/CVE-2019-19576