CyberSec.Space Logo
Back to CVE Browser

CVE-2019-16124

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile5.28th
PublishedSep 9, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.

Affected Platforms (CPE)

πŸ“¦
Youphptube

Youphptube

<= 7.4

References & Advisories

πŸ”— https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883
πŸ”— https://www.exploit-db.com/exploits/47326
πŸ”— https://zerodays.lol/
πŸ”— https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883
πŸ”— https://www.exploit-db.com/exploits/47326
πŸ”— https://zerodays.lol/

Related Vulnerabilities

CVE-2019-515110.0

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a S...

CVE-2019-51149.9

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests c...

CVE-2019-51289.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-51279.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...