PT-2019-17490 · Youphptube · Youphptube

Published

2019-10-25

Updated

2022-07-17

CVE-2019-5121

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions YouPHPTube version 7.6

Description The issue allows for SQL injection attacks in the authenticated section of the software. An attacker can craft special web requests to inject SQL code, potentially exploiting the uuid parameter in the "/objects/pluginSwitch.json.php" API endpoint.

Recommendations For YouPHPTube version 7.6, consider restricting access to the "/objects/pluginSwitch.json.php" API endpoint until a patch is available, and avoid using the uuid parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-5121

Affected Products

Youphptube

PT-2019-17490 · Youphptube · Youphptube

CVE-2019-5121

Weakness Enumeration

Related Identifiers

Affected Products

References · 3