Search criteria
6 vulnerabilities found for k2 by getk2
FKIE_CVE-2019-19634
Vulnerability from fkie_nvd - Published: 2019-12-17 18:15 - Updated: 2024-11-21 04:35
Severity ?
Summary
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| verot_project | verot | * | |
| verot_project | verot | * | |
| getk2 | k2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F26FB9-CDF6-483C-9E4C-501DA3FC14F8",
"versionEndExcluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496BFED6-1C37-4826-B1B9-6CA8F7E034FF",
"versionEndExcluding": "2.0.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getk2:k2:*:*:*:*:*:joomla\\!:*:*",
"matchCriteriaId": "A358C664-C94F-4BBD-BCEE-A4E22B9FB018",
"versionEndIncluding": "2.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
},
{
"lang": "es",
"value": "El archivo class.upload.php en verot.net class.upload versiones hasta la versi\u00f3n 1.0.3 y versiones 2.x hasta 2.0.4, como es usado en la extensi\u00f3n K2 para Joomla! y otros productos, omite .pht del conjunto de extensiones de archivo peligrosas, un problema similar al CVE-2019-19576."
}
],
"id": "CVE-2019-19634",
"lastModified": "2024-11-21T04:35:06.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T18:15:14.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jra89/CVE-2019-19634"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/jra89/CVE-2019-19634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-19576
Vulnerability from fkie_nvd - Published: 2019-12-04 18:15 - Updated: 2024-11-21 04:34
Severity ?
Summary
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| verot_project | verot | * | |
| verot_project | verot | * | |
| getk2 | k2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F26FB9-CDF6-483C-9E4C-501DA3FC14F8",
"versionEndExcluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496BFED6-1C37-4826-B1B9-6CA8F7E034FF",
"versionEndExcluding": "2.0.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:getk2:k2:*:*:*:*:*:joomla\\!:*:*",
"matchCriteriaId": "A358C664-C94F-4BBD-BCEE-A4E22B9FB018",
"versionEndIncluding": "2.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
},
{
"lang": "es",
"value": "El archivo class.upload.php en verot.net class.upload versiones anteriores a la versi\u00f3n 1.0.3 y versiones 2.x anteriores a la versi\u00f3n 2.0.4, como es usado en la extensi\u00f3n K2 para Joomla! y otros productos, omite .phar del conjunto de extensiones de archivos peligrosos."
}
],
"id": "CVE-2019-19576",
"lastModified": "2024-11-21T04:34:58.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-04T18:15:16.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.verot.net"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.verot.net"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.verot.net/php_class_upload.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-19634 (GCVE-0-2019-19634)
Vulnerability from cvelistv5 – Published: 2019-12-17 17:11 – Updated: 2024-08-05 02:25
VLAI?
Summary
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T17:13:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"name": "https://github.com/jra89/CVE-2019-19634",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19634",
"datePublished": "2019-12-17T17:11:29",
"dateReserved": "2019-12-08T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19576 (GCVE-0-2019-19576)
Vulnerability from cvelistv5 – Published: 2019-12-04 17:33 – Updated: 2024-08-05 02:16
VLAI?
Summary
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T17:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.verot.net/php_class_upload.htm",
"refsource": "MISC",
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"name": "https://www.verot.net",
"refsource": "MISC",
"url": "https://www.verot.net"
},
{
"name": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"name": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"name": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"name": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"name": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124",
"refsource": "MISC",
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"name": "https://github.com/jra89/CVE-2019-19576",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779"
},
{
"name": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19576",
"datePublished": "2019-12-04T17:33:34",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-08-05T02:16:48.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19634 (GCVE-0-2019-19634)
Vulnerability from nvd – Published: 2019-12-17 17:11 – Updated: 2024-08-05 02:25
VLAI?
Summary
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T17:13:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"name": "https://github.com/jra89/CVE-2019-19634",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19634",
"datePublished": "2019-12-17T17:11:29",
"dateReserved": "2019-12-08T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19576 (GCVE-0-2019-19576)
Vulnerability from nvd – Published: 2019-12-04 17:33 – Updated: 2024-08-05 02:16
VLAI?
Summary
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T17:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.verot.net/php_class_upload.htm",
"refsource": "MISC",
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"name": "https://www.verot.net",
"refsource": "MISC",
"url": "https://www.verot.net"
},
{
"name": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"name": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"name": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"name": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"name": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124",
"refsource": "MISC",
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"name": "https://github.com/jra89/CVE-2019-19576",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779"
},
{
"name": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19576",
"datePublished": "2019-12-04T17:33:34",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-08-05T02:16:48.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}