Filtered by vendor Youphptube
Subscribe
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18662 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | |||||
| CVE-2019-16124 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code. | |||||
| CVE-2019-14430 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection. | |||||