CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-5151

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile3.04th
Published2019年10月31日
Last Modified2024年11月21日

Vulnerability Description

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.

Affected Platforms (CPE)

📦
Youphptube

Youphptube

= 7.7

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941

関連する脆弱性情報

CVE-2019-51149.9

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests c...

CVE-2019-51279.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-161249.8

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the c...

CVE-2019-51289.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...