Описание
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Product
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Product
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.3 (исключая)Версия от 2.0.0 (включая) до 2.0.4 (исключая)
Одно из
cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*
cpe:2.3:a:verot_project:verot:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.10.1 (включая)
cpe:2.3:a:getk2:k2:*:*:*:*:*:joomla\!:*:*
EPSS
Процентиль: 97%
0.44137
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434
Связанные уязвимости
EPSS
Процентиль: 97%
0.44137
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434