Lucene search
GoogleOSV:CVE-2019-5120HistoryOct 25, 2019 - 6:15 p.m.
CVE-2019-5120
2019-10-2518:15:11
Google
osv.dev
1
An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| youphptube | eq | 7.2 | |
| youphptube | eq | 7.3 | |
| youphptube | eq | 2.2 | |
| youphptube | eq | 2.4 | |
| youphptube | eq | 7.4 | |
| youphptube | eq | 5.0 | |
| youphptube | eq | 2.7 | |
| youphptube | eq | 7.5 | |
| youphptube | eq | 3.4 | |
| youphptube | eq | 4.0.1 |
Related
talos
talos
cvelist
cvelist
CVE-2019-5120
2019-10-25 17:29:20
nvd
nvd
CVE-2019-5120
2019-10-25 18:15:11
cve
cve
CVE-2019-5120
2019-10-25 18:15:11
prion
prion
Sql injection
2019-10-25 18:15:00
talosblog
talosblog
Vulnerability Spotlight: Multiple vulnerabilities in YouPHPTube
2019-10-30 06:27:28