Zurück zur CVE-Übersicht
CVE-2019-19634
CRITICAL(9.8)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score26/100 — MITTEL
- CVSS 9.8 — Kritisch
EPSS-Score
4%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Referenzen
- https://github.com/jra89/CVE-2019-19634
- https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068
- https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-uplo...
- https://github.com/jra89/CVE-2019-19634
- https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068
- https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-uplo...