Filtered by vendor Youphptube
Subscribe
Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5129 | 1 Youphptube | 1 Youphptube Encoder | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack. | |||||
| CVE-2019-5127 | 1 Youphptube | 1 Youphptube Encoder | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack. | |||||
| CVE-2019-5151 | 1 Youphptube | 1 Youphptube | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2019-5128 | 1 Youphptube | 1 Youphptube Encoder | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. | |||||
| CVE-2019-16124 | 1 Youphptube | 1 Youphptube | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. | |||||
| CVE-2019-18662 | 1 Youphptube | 1 Youphptube | 2019-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | |||||