Search criteria
2 vulnerabilities by verot_project
CVE-2019-19634 (GCVE-0-2019-19634)
Vulnerability from cvelistv5 – Published: 2019-12-17 17:11 – Updated: 2024-08-05 02:25
VLAI?
Summary
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T17:13:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19634"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e"
},
{
"name": "https://github.com/jra89/CVE-2019-19634",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19634"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19634",
"datePublished": "2019-12-17T17:11:29",
"dateReserved": "2019-12-08T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19576 (GCVE-0-2019-19576)
Vulnerability from cvelistv5 – Published: 2019-12-04 17:33 – Updated: 2024-08-05 02:16
VLAI?
Summary
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:48.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T17:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.verot.net"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40jra8908/cve-2019-19576-e9da712b779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.verot.net/php_class_upload.htm",
"refsource": "MISC",
"url": "https://www.verot.net/php_class_upload.htm"
},
{
"name": "https://www.verot.net",
"refsource": "MISC",
"url": "https://www.verot.net"
},
{
"name": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4"
},
{
"name": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1"
},
{
"name": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3"
},
{
"name": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2",
"refsource": "MISC",
"url": "https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2"
},
{
"name": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124",
"refsource": "MISC",
"url": "https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124"
},
{
"name": "https://github.com/jra89/CVE-2019-19576",
"refsource": "MISC",
"url": "https://github.com/jra89/CVE-2019-19576"
},
{
"name": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779",
"refsource": "MISC",
"url": "https://medium.com/@jra8908/cve-2019-19576-e9da712b779"
},
{
"name": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19576",
"datePublished": "2019-12-04T17:33:34",
"dateReserved": "2019-12-04T00:00:00",
"dateUpdated": "2024-08-05T02:16:48.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}