CVE-2019-19634

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-19634

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19634.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-19634

Aliases

GHSA-2gc7-w4hw-rr2m

Published

2019-12-17T18:15:14.870Z

Modified

2026-03-12T23:03:47.451856Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.

References

Affected packages

Git / github.com/verot/class.upload.php

Affected ranges

Type

GIT

Repo

https://github.com/verot/class.upload.php

Events

Introduced

Fixed

db1b4fe50c1754696970d8b437f07e7b94a7ebf2

Introduced

adc88821397ccc2f17a9b0c579350b2f0b5aa56c

Fixed

bde864563f4fefa4a2f44993937f82effebb7e25

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.3"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.4"
        }
    ]
}

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19634.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.10.1"
            }
        ]
    }
]