CRITICALpublic-safe

CVE-2019-19634

NVD: class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! NVD: and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576. OSV: class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla!

CVSS
9.8 Severity
CRITICAL EPSS
0.0415 (90) KEV
-

Source-published summary

Possible impact

This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.

Affected context

vendor/product: verot_project / verot

Remediation / advisory

Remediation reference present; patch status requires confirmation in the linked advisory.

Why it matters

This critical severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for critical severity review.; CVSS 9.8 (CRITICAL); EPSS percentile 90; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, OSV.

What to verify

Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.

Exposure hint

exposure unknown

Impact tags

明示タグなし

Urgency reasons

CVSS CRITICALaffected product presentvendor advisory presentrecent update

Source-derived note

Summary derived from NVD / OSV description; unsafe procedural detail is not shown.

Redaction metadata

source summary used: True
fallback summary used: False
unsafe procedural detail present: false
raw source displayed: false
public summary redacted: true

Remediation handoff

Public-safe static handoff for human/Codex remediation planning. Scan, patch, external execution, and auto remediation are disabled.

Handoff JSON Handoff Markdown Safe Codex prompt

Safety note

This radar shows source-published defensive context only. Exploit procedures, exploit strings, scanner commands, and auto-remediation are not provided.