Package details: pkg:composer/verot/class.upload.php@1.0.3
purl: pkg:composer/verot/class.upload.php@1.0.3
Next non-vulnerable version: None.
Latest non-vulnerable version: None.
Risk: 4.5
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-8mns-vm7m-dbhx (Aliases: CVE-2019-19634, GHSA-2gc7-w4hw-rr2m) | class.upload.php in verot.net omits .pht from the set of dangerous file extensions | 2.0.4 (Affected by 2 other vulnerabilities.) |
| VCID-z1rd-keuw-r7e8 (Aliases: CVE-2023-6551, GHSA-v6f4-jwv9-682w) | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines. | There are no reported fixed by versions. |
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8mns-vm7m-dbhx | class.upload.php in verot.net omits .pht from the set of dangerous file extensions | CVE-2019-19634, GHSA-2gc7-w4hw-rr2m |
| VCID-uc9e-8b7x-sqft | Remote code execution in verot/class.upload.php | CVE-2019-19576, GHSA-r5gm-4p5w-pq2p |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T15:06:56.223914+00:00 | GitLab Importer | Fixing | VCID-uc9e-8b7x-sqft | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/verot/class.upload.php/CVE-2019-19576.yml | 38.6.0 |
| 2026-06-12T19:16:03.142315+00:00 | GitLab Importer | Affected by | VCID-z1rd-keuw-r7e8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/verot/class.upload.php/CVE-2023-6551.yml | 38.6.0 |
| 2026-06-12T17:16:32.963419+00:00 | GitLab Importer | Fixing | VCID-8mns-vm7m-dbhx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/verot/class.upload.php/CVE-2019-19634.yml | 38.6.0 |
| 2026-06-12T08:01:26.138716+00:00 | GithubOSV Importer | Fixing | VCID-uc9e-8b7x-sqft | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-r5gm-4p5w-pq2p/GHSA-r5gm-4p5w-pq2p.json | 38.6.0 |
| 2026-06-11T20:25:54.759064+00:00 | GHSA Importer | Affected by | VCID-8mns-vm7m-dbhx | https://github.com/advisories/GHSA-2gc7-w4hw-rr2m | 38.6.0 |
| 2026-06-11T20:25:46.115965+00:00 | GHSA Importer | Fixing | VCID-uc9e-8b7x-sqft | https://github.com/advisories/GHSA-r5gm-4p5w-pq2p | 38.6.0 |