verot/class.upload.php is a PHP class that can be used to upload files and manipulate images very easily.
Affected versions of this package are vulnerable to Arbitrary File Upload.
verot.net before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits
.phar from the set of dangerous file extensions.
verot/class.upload.php to version 1.0.3, 2.0.4 or higher.