PT-2019-15893 · Open Source Matters · Joomla!

Jinny Ramsmark

·

Published

2019-12-17

·

Updated

2020-02-28

·

CVE-2019-19634

CVSS v3.1

9.8

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
class.upload.php versions 1.0.0 through 1.0.3
class.upload.php versions 2.0.0 through 2.0.4

Description
The issue is related to the omission of .pht from the set of dangerous file extensions in class.upload.php, which is similar to a previously known issue. This affects products that use this class, such as the K2 extension for Joomla.

Recommendations
For class.upload.php versions 1.0.0 through 1.0.3, update to a version that includes .pht in the set of dangerous file extensions. For class.upload.php versions 2.0.0 through 2.0.4, update to a version that includes .pht in the set of dangerous file extensions. As a temporary workaround, consider manually adding .pht to the set of dangerous file extensions to prevent potential exploitation.
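The following is an added example, not code from this advisory or from class.upload.php, illustrating the class of defect described above: an upload filter built on a denylist of executable extensions silently passes any extension the list omits. The denylist contents and the file names are constructed for the example; the library's actual list is not reproduced here. The second check shows the safer alternative a defender would want alongside the workaround: an allowlist of expected extensions, which does not depend on enumerating every dangerous one.

```python
# Added example: denylist vs. allowlist extension checks for file uploads.
# DANGEROUS_BEFORE is a constructed denylist that, like the affected
# class.upload.php versions, lacks "pht"; DANGEROUS_AFTER adds it as the
# advisory's workaround recommends. Neither set is the library's real list.
from typing import FrozenSet, Iterable, List

DANGEROUS_BEFORE: FrozenSet[str] = frozenset(
    {"php", "php3", "php4", "php5", "phtml", "phar"}
)
DANGEROUS_AFTER: FrozenSet[str] = DANGEROUS_BEFORE | {"pht"}

# Allowlist for an image/document upload endpoint (assumed policy).
ALLOWED_UPLOAD_EXTENSIONS: FrozenSet[str] = frozenset(
    {"png", "jpg", "jpeg", "gif", "pdf"}
)


def extension_segments(filename: str) -> List[str]:
    """Return every dot-separated segment after the base name, lowercased.

    Checking all segments (not only the last) covers double-extension names
    such as "report.pdf.pht", which some web servers still hand to the PHP
    interpreter.
    """
    parts = filename.strip().lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def is_blocked_by_denylist(filename: str, dangerous: FrozenSet[str]) -> bool:
    """Denylist check: reject if any extension segment is on the dangerous list.

    This mirrors the weakness on the page: the check is only as good as the
    list, so an omitted extension (here "pht") is accepted.
    """
    return any(seg in dangerous for seg in extension_segments(filename))


def is_allowed_by_allowlist(
    filename: str, allowed: FrozenSet[str] = ALLOWED_UPLOAD_EXTENSIONS
) -> bool:
    """Allowlist check: accept only a single, expected extension.

    Exactly one segment is required, so "photo.jpg.pht" is rejected even
    though "jpg" is allowed.
    """
    segments = extension_segments(filename)
    return len(segments) == 1 and segments[0] in allowed


def find_denylist_gaps(
    filenames: Iterable[str], dangerous: FrozenSet[str]
) -> List[str]:
    """Defender's review helper: list names the denylist would pass but the
    allowlist would reject, i.e. candidates for an incomplete denylist."""
    return [
        name
        for name in filenames
        if not is_blocked_by_denylist(name, dangerous)
        and not is_allowed_by_allowlist(name)
    ]


if __name__ == "__main__":
    # Constructed sample of upload names for a quick demonstration.
    sample = ["photo.jpg", "report.pdf", "upload.php", "upload.pht", "photo.jpg.pht"]
    for name in sample:
        print(
            f"{name:16} denylist(before)={'BLOCK' if is_blocked_by_denylist(name, DANGEROUS_BEFORE) else 'pass ':5} "
            f"denylist(after)={'BLOCK' if is_blocked_by_denylist(name, DANGEROUS_AFTER) else 'pass ':5} "
            f"allowlist={'accept' if is_allowed_by_allowlist(name) else 'reject'}"
        )
    print("gaps in pre-fix denylist:", find_denylist_gaps(sample, DANGEROUS_BEFORE))
```

Run against the constructed sample, the pre-fix denylist passes "upload.pht" and "photo.jpg.pht" while the post-fix list blocks both; the allowlist rejects them regardless of which denylist is in force, which is why the recommendation to add .pht is a workaround rather than a complete defence.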

Exploit

Fix

Unrestricted File Upload


Weakness Enumeration

Related identifiers

CVE-2019-19634
GHSA-2GC7-W4HW-RR2M

Affected products

Joomla!
K2