Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Youphptube
(Youphptube)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-09-09 | CVE-2019-16124 | In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. | Youphptube | 9.8 | ||
2021-11-01 | CVE-2021-25874 | AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes. | Youphptube | 7.5 | ||
2021-11-01 | CVE-2021-25875 | AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | Youphptube | 6.1 | ||
2021-11-01 | CVE-2021-25876 | AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | Youphptube | 6.1 | ||
2021-11-01 | CVE-2021-25877 | AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. | Youphptube | 7.2 | ||
2021-11-01 | CVE-2021-25878 | AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | Youphptube | 6.1 | ||
2019-10-25 | CVE-2019-5114 | An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system. | Youphptube | 9.9 | ||
2019-10-25 | CVE-2019-5116 | An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | Youphptube | 8.8 | ||
2019-10-25 | CVE-2019-5117 | Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | Youphptube | 8.8 | ||
2019-10-25 | CVE-2019-5119 | An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. | Youphptube | 8.8 |