Vulnerabilities > Getk2

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-19634 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
network
low complexity
verot-project getk2 CWE-434
critical
9.8
2019-12-04 CVE-2019-19576 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
network
low complexity
verot-project getk2 CWE-434
critical
9.8