QSearchQSearch

CVE-2019-19576

9.8 CRITICAL

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla

Published: 2019-12-04 · Last updated: 2026-06-26

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-434

Affected products

VendorProduct
joomlaworksk2, verot
verot_projectk2, verot

Description

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2019-19634 class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla (9.8 CRITICAL)

Same CWE

  • CVE-2026-40750 Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server (9.9 CRITICAL)
  • CVE-2026-6933 The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and inclu... (8.8 HIGH)
  • CVE-2026-40772 Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions (10.0 CRITICAL)
  • CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions (9.9 CRITICAL)
  • CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions (5.4 MEDIUM)