PT-2019-17500 · Youphptube · Youphptube
Published: 2019-10-31 · Updated: 2022-06-27 · CVE-2019-5150
CVSS v3.1: 8.9 (High)
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
YouPHPTube version 7.7
Description
An exploitable SQL injection issue exists when the VideoTags plugin is enabled. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database, and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this issue.
Recommendations
For YouPHPTube version 7.7, disable the VideoTags plugin until a patch is available to prevent potential exploitation.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Youphptube