Lucene search
GoogleOSV:CVE-2019-18662HistoryNov 02, 2019 - 3:15 p.m.
CVE-2019-18662
2019-11-0215:15:10
Google
osv.dev
2
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| youphptube | eq | 7.2 | |
| youphptube | eq | 7.3 | |
| youphptube | eq | 2.2 | |
| youphptube | eq | 2.4 | |
| youphptube | eq | 7.4 | |
| youphptube | eq | 5.0 | |
| youphptube | eq | 2.7 | |
| youphptube | eq | 7.7 | |
| youphptube | eq | 7.5 | |
| youphptube | eq | 3.4 |
Related
packetstorm
packetstorm
YouPHPTube 7.7 SQL Injection
2019-12-04 00:00:00
nvd
nvd
CVE-2019-18662
2019-11-02 15:15:10
cve
cve
CVE-2019-18662
2019-11-02 15:15:10
prion
prion
Sql injection
2019-11-02 15:15:00
cvelist
cvelist
CVE-2019-18662
2019-11-02 14:06:20
zdt
zdt
YouPHPTube 7.7 SQL Injection Vulnerability
2019-12-05 00:00:00