PT-2021-16825 · Unknown · Avideo/Youphptube

Published: 2021-11-01 · Updated: 2024-02-14 · CVE-2021-25877

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: AVideo/YouPHPTube versions 10.0 and prior

Description: An insecure file write in save.php allows a user with administrator privileges to write files to the filesystem through the flag and code variables.

Recommendations: For versions 10.0 and prior, as a temporary workaround, consider restricting access to the save.php file until a patch is available. Avoid using the flag and code variables in the affected file save.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2021-25877

Affected Products: Avideo/Youphptube