CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5127

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile13.51th
PublishedOct 25, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.

Affected Platforms (CPE)

📦
Youphptube

Youphptube Encoder

= 2.3

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917

Related Vulnerabilities

CVE-2019-51289.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-51299.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-420210.0

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted requ...

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....