PT-2019-17500 · Youphptube · Youphptube
Published: 2019-10-31 · Updated: 2022-06-27 · CVE-2019-5150
CVSS v3.1: 8.9 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions
YouPHPTube version 7.7
Description
An exploitable SQL injection issue exists when the VideoTags plugin is enabled. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database, and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this issue.
Recommendations
For YouPHPTube version 7.7, disable the VideoTags plugin until a patch is available to prevent potential exploitation.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Youphptube