What is CVE-2019-19576?

CVE-2019-19576 is a vulnerability in N/a. Published 2019-12-04.

Is CVE-2019-19576 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.

EPSS: 0.506 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.verot.net/php_class_upload.htm (x_refsource_MISC)
www.verot.net (x_refsource_MISC)
github.com/verot/class.upload.php/compare/2.0.3...2.0.4 (x_refsource_MISC)
github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174… (x_refsource_MISC)
github.com/verot/class.upload.php/compare/1.0.2...1.0.3 (x_refsource_MISC)
github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7eb… (x_refsource_MISC)
github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124 (x_refsource_MISC)
github.com/jra89/CVE-2019-19576 (x_refsource_MISC)
medium.com/@jra8908/cve-2019-19576-e9da712b779 (x_refsource_MISC)
packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-19576?: CVE-2019-19576 is a vulnerability in N/a. Published 2019-12-04.
Is CVE-2019-19576 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.