YouPHPTube Encoder 2.3 - Remote Command Injection

YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php. id: CVE-2019-5127 info: name: YouPHPTube Encoder 2.3 ...

YouPHPTube Encoder 2.3 - Command Injection

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5129 info: name: YouPHPTube Encoder 2.3 - Command...

YouPHPTube Encoder - Arbitrary File Write

Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...

CVE-2021-47750

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

CVE-2021-47750

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

CVE-2021-47749

YouPHPTube = 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the...

CVE-2021-47749

YouPHPTube = 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the...

CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

CVE-2021-47750

YouPHPTube versions up to 7.8 contain a cross-site scripting (XSS) vulnerability in the redirectUri parameter of the signup page, allowing an attacker to craft signups that execute arbitrary JavaScript in victims’ browsers. The root cause is improper handling of the redirectUri in the signup flow...

CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

CVE-2021-47749 YouPHPTube <= 7.8 - Directory Traversal

YouPHPTube = 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the...

CVE-2021-47749 YouPHPTube <= 7.8 - Directory Traversal

YouPHPTube = 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the...

CVE-2021-47749

YouPHPTube

PT-2026-2359

Name of the Vulnerable Software and Affected Versions YouPHPTube versions prior to 7.9 Description The software contains a cross-site scripting issue that allows attackers to inject malicious scripts. This is achieved by manipulating the redirectUri parameter within the signup page. Successful...

PT-2026-2358

Name of the Vulnerable Software and Affected Versions YouPHPTube versions prior to 7.9 Description The software contains a local file inclusion issue that allows unauthenticated attackers to access arbitrary files. This is possible by manipulating the lang parameter in GET requests. The path...

YouPHPTube 路径遍历漏洞

YouPHPTube is YouPHPTube open source a PHP-based video website system . YouPHPTube 7.8 and earlier versions of the path traversal vulnerability , the vulnerability stems from improper manipulation of the lang parameter in the GET request , which could lead to local file containment...

YouPHPTube 跨站脚本漏洞

YouPHPTube is a PHP-based video website system. A cross-site scripting vulnerability exists in YouPHPTube 7.8 and earlier versions, which stems from a cross-site scripting vulnerability in the redirectUri parameter in the signup page, which could lead to the execution of arbitrary JavaScript...

CVE-2019-18662

An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...

CVE-2019-16124

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...

EUVD-2021-12754

Malware in sbrugna...