Home > Vulnerability Database > CVE-2019-19634

Mend.io Vulnerability Database

CVE-2019-19634

Good to know:

Date: December 17, 2019

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.

Language: PHP

Severity Score

7.1

Related Resources (5)

Url: https://github.com/jra89/CVE-2019-19634

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-19634

Url: https://github.com/verot/class.upload.php/blob/2.0.4/src/class.upload.php#L3068

Url: https://medium.com/@jra8908/cve-2019-19634-arbitrary-file-upload-in-class-upload-php-ccaf9e13875e

Url: https://www.mend.io/vulnerability-database/CVE-2019-19634

Severity Score

7.1

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Top Fix

Upgrade Version

Upgrade to version 2.0.5;1.0.4

Learn More

CVSS v3

Base Score:	7.1
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE

CVSS v2

Base Score:	7.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-19634

Good to know:

Date: December 17, 2019

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?