An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.
CPE | Name | Operator | Version |
---|---|---|---|
youphptube | eq | 7.2 | |
youphptube | eq | 7.3 | |
youphptube | eq | 2.2 | |
youphptube | eq | 2.4 | |
youphptube | eq | 7.4 | |
youphptube | eq | 5.0 | |
youphptube | eq | 2.7 | |
youphptube | eq | 7.5 | |
youphptube | eq | 3.4 | |
youphptube | eq | 4.0.1 |