CVE-2019-19576
CVE-2019-19576
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 3
githubgithub.com/jra89/CVE-2019-19576★ 12cve_referencepacketstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/47749não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.htmlhttps://github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124https://github.com/jra89/CVE-2019-19576https://github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1https://github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2https://github.com/verot/class.upload.php/compare/1.0.2...1.0.3https://github.com/verot/class.upload.php/compare/2.0.3...2.0.4https://medium.com/%40jra8908/cve-2019-19576-e9da712b779https://www.verot.nethttps://www.verot.net/php_class_upload.htm