CVE-2019-19576: Malicious File Upload
First published: Wed Dec 04 2019(Updated: )
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Verot Project Verot | <1.0.3 | |
| Verot Project Verot | >=2.0.0<2.0.4 | |
| Joomlaworks K2 | <=2.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html
- https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124
- https://github.com/jra89/CVE-2019-19576
- https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1
- https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2
- https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3
- https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4
- https://medium.com/@jra8908/cve-2019-19576-e9da712b779
- https://www.verot.net
- https://www.verot.net/php_class_upload.htm
- https://medium.com/%40jra8908/cve-2019-19576-e9da712b779
Frequently Asked Questions
What is the severity of CVE-2019-19576?
The severity of CVE-2019-19576 is critical with a CVSS score of 9.8.
Which software versions are affected by CVE-2019-19576?
Versions before 1.0.3 of Verot Project Verot and versions between 2.0.0 and 2.0.4 of Verot Project Verot are affected by CVE-2019-19576. Additionally, versions up to and including 2.10.1 of Getk2 K2 are also affected.
What is the vulnerability of CVE-2019-19576?
CVE-2019-19576 is a remote code execution vulnerability in class.upload.php, which is used in the K2 extension for Joomla! and other products.
How can I fix CVE-2019-19576?
To fix CVE-2019-19576, you should update to version 1.0.3 for Verot Project Verot, update to a version higher than 2.0.4 for Verot Project Verot, or update to a version higher than 2.10.1 for Getk2 K2.
Where can I find more information about CVE-2019-19576?
You can find more information about CVE-2019-19576 at the following references: http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html, https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124, https://github.com/jra89/CVE-2019-19576.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/verot project
- canonical/verot project verot
- version/verot project verot/2.0.0
- vendor/getk2
- canonical/joomlaworks k2
- version/joomlaworks k2/2.10.1