2 matches found
CVE-2019-5122
SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php...
CVE-2019-5122
YouPHPTube 7.6 exposes authenticated SQL injection vulnerabilities in /objects/pluginSwitch.json.php (parameters uuid, name, dir). The Talos report confirms exploitable injections that could exfiltrate information such as usernames and password hashes and, in some configs, access the underlying O...