CVE-2019-5116

Name of the Vulnerable Software and Affected Versions YouPHPTube version 7.6

Description An exploitable SQL injection issue exists in the authenticated part of the software. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this issue, potentially allowing exfiltration of the database, user credentials, and in certain configurations, access to the underlying operating system.

Recommendations For YouPHPTube version 7.6, consider restricting access to authenticated parts of the application until a patch is available. As a temporary workaround, avoid using parameters that may contain SQL injection attacks in web requests. At the moment, there is no information about a newer version that contains a fix for this issue.