NotCVE - vendor:"Verot Project" product:"Verot" version:" >= 2.0.0

2 results (0.018 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2

CVE-2019-19634

https://notcve.org/view.php?id=CVE-2019-19634

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. El archivo class.upload.php en verot.net class.upload versiones hasta la versión 1.0.3 y versiones 2.x hasta 2.0.4, como es usado en la extensión K2 para Joomla! y otros productos, omite .pht del conjunto de extensiones de archivo peligrosas, un problema similar al CVE-2019-19576. • https://github.com/jra89/CVE-2019-19634 https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068 https://medium.com/%40jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 40%CPEs: 3EXPL: 3

CVE-2019-19576 – Verot 2.0.3 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions. El archivo class.upload.php en verot.net class.upload versiones anteriores a la versión 1.0.3 y versiones 2.x anteriores a la versión 2.0.4, como es usado en la extensión K2 para Joomla! y otros productos, omite .phar del conjunto de extensiones de archivos peligrosos. Verot version 2.0.3 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/47749 https://github.com/jra89/CVE-2019-19576 http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html https://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1 https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2 https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3 https://github.com/verot&#x • CWE-434: Unrestricted Upload of File with Dangerous Type •