PT-2019-17490 · Youphptube · Youphptube

Publicado

2019-10-25

Atualizado

2022-07-17

CVE-2019-5121

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions YouPHPTube version 7.6

Description The issue allows for SQL injection attacks in the authenticated section of the software. An attacker can craft special web requests to inject SQL code, potentially exploiting the uuid parameter in the "/objects/pluginSwitch.json.php" API endpoint.

Recommendations For YouPHPTube version 7.6, consider restricting access to the "/objects/pluginSwitch.json.php" API endpoint until a patch is available, and avoid using the uuid parameter in this endpoint to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2019-5121

Produtos afetados

Youphptube

PT-2019-17490 · Youphptube · Youphptube

CVE-2019-5121

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3