CVE-2019-19634

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-19634

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19634.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19634

Aliases

GHSA-2gc7-w4hw-rr2m

Published

2019-12-17T18:15:14.870Z

Modified

2026-02-14T00:36:17.508537Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.

References

Affected packages

Git / github.com/verot/class.upload.php

Affected ranges

Type: GIT
Repo: https://github.com/verot/class.upload.php
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

db1b4fe50c1754696970d8b437f07e7b94a7ebf2

Introduced

adc88821397ccc2f17a9b0c579350b2f0b5aa56c

Fixed

bde864563f4fefa4a2f44993937f82effebb7e25

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19634.json"