CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-5114

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile19.83th
Published2019年10月25日
Last Modified2024年11月21日

Vulnerability Description

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system.

Affected Platforms (CPE)

📦
Youphptube

Youphptube

= 7.6

References & Advisories

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0906
🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0906

相关漏洞威胁

CVE-2019-515110.0

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a S...

CVE-2019-51289.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...

CVE-2019-161249.8

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the c...

CVE-2019-51279.8

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. E...