CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5114

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile19.83th
PublishedOct 25, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system.

Affected Platforms (CPE)

📦
Youphptube

Youphptube

= 7.6

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0906
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0906

Related Vulnerabilities

CVE-2019-515110.0

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a S...

CVE-2019-51289.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-161249.8

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the c...

CVE-2019-51279.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...