CVE-2019-19576
CRITICAL9.8EPSS 50.6%Remote code execution in verot/class.upload.php
發布日:2020/1/16修改日:2023/11/8
描述
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
受影響套件(1)
- Packagist/verot/class.upload.phpfrom 0, < 1.0.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(11)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-19576
- WEBhttp://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html
- WEBhttps://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124
- WEBhttps://github.com/jra89/CVE-2019-19576
- WEBhttps://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1
- WEBhttps://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2
- WEBhttps://github.com/verot/class.upload.php/compare/1.0.2...1.0.3
- WEBhttps://github.com/verot/class.upload.php/compare/2.0.3...2.0.4
- WEBhttps://medium.com/@jra8908/cve-2019-19576-e9da712b779
- WEBhttps://www.verot.net
- WEBhttps://www.verot.net/php_class_upload.htm