CVE-2019-16124

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions YouPHPTube version 7.4

Description The issue arises from the lack of access control in the file install/checkConfiguration.php, allowing anyone to edit the configuration file and potentially insert malicious PHP code.

Recommendations For YouPHPTube version 7.4, consider restricting access to the install/checkConfiguration.php file until a patch is available, or apply appropriate access controls to prevent unauthorized modifications to the configuration file.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2019-16124

Affected Products

Youphptube

CVE-2019-16124

Weakness Enumeration

Related Identifiers

Affected Products

References · 5