CVE-2019-5119

Name of the Vulnerable Software and Affected Versions YouPHPTube version 7.6

Description An exploitable SQL injection issue exists in the authenticated part of the software. Specially crafted web requests can cause SQL injections, potentially allowing an attacker to exfiltrate the database, obtain user credentials, and in certain configurations, access the underlying operating system.

Recommendations For YouPHPTube version 7.6, consider restricting access to authenticated parts of the application until a fix is available, and avoid using user-inputted parameters in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.