CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-5128

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile37.53th
Published2019年10月25日
Last Modified2024年11月21日

Vulnerability Description

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack.

Affected Platforms (CPE)

📦
Youphptube

Youphptube Encoder

= 2.3

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917

関連する脆弱性情報

CVE-2019-51279.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-51299.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-1302010.0

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse....

CVE-2019-1664910.0

On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual med...