Verot Project: community verdicts
2 notable / known-exploited Verot Project CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Verot Project CVE, see NVD ↗.
- CVE-2019-19576CRIT 9.8EPSS 26%
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
- CVE-2019-19634CRIT 9.8Real · low riskEPSS 4%
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.