CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-16124

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile5.28th
Published2019年9月9日
Last Modified2024年11月21日

Vulnerability Description

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.

Affected Platforms (CPE)

📦
Youphptube

Youphptube

<= 7.4

References & Advisories

🔗 https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883
🔗 https://www.exploit-db.com/exploits/47326
🔗 https://zerodays.lol/
🔗 https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883
🔗 https://www.exploit-db.com/exploits/47326
🔗 https://zerodays.lol/

関連する脆弱性情報

CVE-2019-515110.0

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a S...

CVE-2019-51149.9

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests c...

CVE-2019-51289.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-51279.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...