CVE-2021-47749

Name of the Vulnerable Software and Affected Versions YouPHPTube versions prior to 7.9

Description The software contains a local file inclusion issue that allows unauthenticated attackers to access arbitrary files. This is possible by manipulating the lang parameter in GET requests. The path traversal flaw exists in the locale/function.php file, enabling attackers to include and view PHP files outside the intended directory using directory traversal sequences.

Recommendations Update to version 7.9 or later.