CVE-2019-5122

Name of the Vulnerable Software and Affected Versions YouPHPTube version 7.6

Description The issue allows for SQL injection attacks in the authenticated section. An attacker can craft special web requests to inject SQL code, potentially exploiting the Parameter name in the /objects/pluginSwitch.json.php API endpoint.

Recommendations For YouPHPTube version 7.6, consider restricting access to the /objects/pluginSwitch.json.php endpoint until a patch is available. As a temporary workaround, avoid using the Parameter name in the affected API endpoint to minimize the risk of exploitation.