YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

CVE-2026-5128

creationtimestamp| type| source ---|---|--- 2026-03-30 10:47:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mibidoz2zk2d 2026-03-30 11:15:11+00:00| published-proof-of-concept| Telegram/Jin6gTh1tzwL23OhrQu33HMA83fW66owEqu0xdDcIoPjWG8 2026-03-30 13:03:30+00:00| seen|...

CVE-2025-5128

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible to launch the...

CVE-2025-5128

creationtimestamp| type| source ---|---|--- 2025-05-24 16:21:27+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpwkh6kkwtz2 2025-05-24 16:45:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17493 2025-05-24...

CVE-2025-5128

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible to launch the...

CVE-2025-5128 ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible to launch the...

CVE-2025-5128

CVE-2025-5128 refers to ScriptAndTools Real-Estate-website-in-PHP v1.0. The issue is an SQL injection in the Admin Login Panel via the Password parameter in the /admin/ path, enabling remote exploitation. Public disclosure is noted, and vendor response is absent. Multiple connected sources corrob...

CVE-2025-5128 ScriptAndTools Real-Estate-website-in-PHP Admin Login Panel admin sql injection

A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible to launch the...

CVE-2011-5128

Multiple cross-site scripting XSS vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to 1 inc-options/deinstalloptions.php, 2 inc-options/themeoptions.php, or 3 inc-options/imexportoptions.php, ...

CVE-2019-5128

A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...

CVE-2024-5128

An Insecure Direct Object Reference IDOR vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any datasetprompt or datasetpromptvariation within any dataset or project. The issue ste...

CVE-2019-5128

creationtimestamp| type| source ---|---|--- 2024-01-29 09:41:38+00:00| seen| https://t.me/ctinow/175123 2024-12-22 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-22 2024-12-24 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities ...

WordPress TCD Google Maps Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)

Software TCD Google Maps Type Plugin Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5128 Patch priority Low CVSS severity Low 6.4 Developer Claim ownership PSID 4bab05c071b1 Credits István Márton Required...

Mageia: Security Advisory (MGASA-2017-0423)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5128-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-5128

This CVE-2020-5128 entry is rejected/not used and does not represent an active vulnerability.

CVE-2020-5128

...

YouPHPTube Encoder Command Injection (CVE-2019-5127; CVE-2019-5128; CVE-2019-5129)

A command injection vulnerability exists in YouPHPTube Encoder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...

CVE-2019-5128

CVE-2019-5128 affects YouPHPTube Encoder (v2.3) with unauthenticated command injection via the base64Url parameter in /objects/getImageMP4.php, enabling remote code execution and potential full server compromise. Multiple connected sources (Talos, Nuclei templates, and CNVD/Red Hat/NVD entries) c...

YouPHPTube Encoder base64Url multiple command injections

Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...