CVE-2019-18662

Name of the Vulnerable Software and Affected Versions YouPHPTube versions through 7.7

Description An issue was discovered where user input passed through the live stream code parameter to the "/plugin/LiveChat/getChat.json.php" endpoint is not properly sanitized. This can be exploited by malicious users to read sensitive data from the database through in-band SQL Injection attacks. The exploitation of this issue requires the Live Chat plugin to be enabled.

Recommendations For YouPHPTube versions through 7.7, consider disabling the Live Chat plugin until a patch is available to prevent exploitation of this issue. Additionally, restrict access to the "/plugin/LiveChat/getChat.json.php" endpoint to minimize the risk of SQL Injection attacks. Avoid using the live stream code parameter in the affected endpoint until the issue is resolved.