CVSS: 9.8EPSS: 15%CPEs: 3EXPL: 2CVE-2019-19634
https://notcve.org/view.php?id=CVE-2019-19634
17 Dec 2019 — class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. El archivo class.upload.php en verot.net class.upload versiones hasta la versión 1.0.3 y versiones 2.x hasta 2.0.4, como es usado en la extensión K2 para Joomla! y otros productos, omite .pht del conjunto de extensiones de archivo peligrosas, un problema similar al CVE-2019-19576. • https://github.com/jra89/CVE-2019-19634 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 44%CPEs: 3EXPL: 4CVE-2019-19576 – Verot 2.0.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-19576
04 Dec 2019 — class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. El archivo class.upload.php en verot.net class.upload versiones anteriores a la versión 1.0.3 y versiones 2.x anteriores a la versión 2.0.4, como es usado en la extensión K2 para Joomla! y otros productos, omite .phar del conjunto de extensiones de archivos peligrosos. Verot version 2.0.3 suffers from a remote code ex... • https://packetstorm.news/files/id/155577 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-7482 – Joomla! K2 2.8.0 Arbitrary File Download
https://notcve.org/view.php?id=CVE-2018-7482
27 Feb 2018 — The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. • https://packetstorm.news/files/id/146594 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •