This is a filter bypass exploit that results in arbitrary file upload and remote code execution in class.upload.php <= 2.0.4
CVE-2019-19634 - classuploadphp <= 204 Arbitrary file upload Author - Jinny Ramsmark Affected vendor - Verotnet Affected product - classuploadphp <= 204 Tested on newly installed Ubuntu 1404 with PHP5 and Apache Specifically Debian/Ubuntu has been found to be vulnerable since they add the pht extension among others to available PHP handlers In this cas