verot/class.upload.php allows unrestricted file upload. The lack of file extension validation on file uploads allows a remote attacker to upload malicious files with a .phar extension. When the uploaded file is browsed to, the server executes the code it contains in the context of the web server.
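As an added example (not code from class.upload.php or from the referenced fix commits), the kind of allowlist-based filename check a defender would want in front of an upload handler: it rejects .phar and other server-executable extensions wherever they appear in the name, then requires the final extension to be on an allowlist. The two extension lists are assumptions to be tuned to the web server's actual handler configuration.

```php
<?php
// Added example, not part of class.upload.php. Allowlist-based check of a
// client-supplied upload filename. Extensions that a PHP-enabled web server may
// hand to the interpreter are rejected in ANY dot-separated position, because
// some handler configurations match every segment, not only the last one.
// Both lists are assumptions; tune them to the deployment's server config.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
const SERVER_EXECUTABLE  = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml',
                            'phar', 'phps', 'pht', 'shtml', 'cgi', 'pl'];

/**
 * Returns null when the name is acceptable, otherwise a rejection reason.
 * Callers should still store the file under a server-generated name.
 */
function validateUploadName(string $clientName): ?string
{
    // Work on the basename only; a client-supplied path is never trusted.
    $base = strtolower(basename(str_replace('\\', '/', $clientName)));
    if ($base === '' || $base[0] === '.') {
        return 'empty or dotfile name';
    }
    $parts = explode('.', $base);
    if (count($parts) < 2 || $parts[0] === '') {
        return 'missing extension';
    }
    // Reject server-executable segments anywhere after the first dot,
    // so a double-extension name such as name.phar.jpg is refused too.
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array($segment, SERVER_EXECUTABLE, true)) {
            return "forbidden extension segment '$segment'";
        }
    }
    // The final extension decides acceptance and must be on the allowlist.
    $ext = end($parts);
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return "extension '$ext' not allowed";
    }
    return null;
}

// Constructed sample names exercising the accept and reject paths.
foreach (['report.pdf', 'shell.phar', 'image.phar.jpg', 'photo.JPG', '.htaccess'] as $name) {
    $reason = validateUploadName($name);
    printf("%-16s %s\n", $name, $reason === null ? 'accepted' : "rejected ($reason)");
}
```

Pairing this check with server-side content sniffing and a non-executable upload directory covers the cases a name check alone cannot.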
Name | Operator | Version
---|---|---
verot/class.upload.php | le | 1.0.2
verot/class.upload.php | le | 2.0.3
packetstormsecurity.com/files/155577/Verot-2.0.3-Remote-Code-Execution.html
github.com/advisories/GHSA-r5gm-4p5w-pq2p
github.com/getk2/k2/commit/d1344706c4b74c2ae7659b286b5a066117155124
github.com/jra89/CVE-2019-19576
github.com/verot/class.upload.php/commit/5a7505ddec956fdc9e9c071ae5089865559174f1
github.com/verot/class.upload.php/commit/db1b4fe50c1754696970d8b437f07e7b94a7ebf2
github.com/verot/class.upload.php/compare/1.0.2...1.0.3
github.com/verot/class.upload.php/compare/2.0.3...2.0.4
medium.com/@jra8908/cve-2019-19576-e9da712b779
www.verot.net
www.verot.net/php_class_upload.htm