CVE-2019-19634

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-19634

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19634.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19634

Aliases

GHSA-2gc7-w4hw-rr2m

Published

2019-12-17T18:15:14Z

Modified

2024-05-30T02:02:57.095472Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.

References

Affected packages

Git / github.com/verot/class.upload.php

Affected ranges

Type: GIT
Repo: https://github.com/verot/class.upload.php
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

db1b4fe50c1754696970d8b437f07e7b94a7ebf2

Affected versions

1.*

1.0.0

1.0.1

1.0.2