5 matches found
YouPHPTube Encoder 2.3 - Remote Command Injection
YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php. id: CVE-2019-5127 info: name: YouPHPTube Encoder 2.3 ...
CVE-2019-5127
creationtimestamp| type| source ---|---|--- 2024-01-29 09:41:37+00:00| seen| https://t.me/ctinow/175122 2024-05-22 06:15:17+00:00| seen| https://t.me/CyberSecurityTechnologies/2661 2024-12-22 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-22 2024-12-26...
YouPHPTube Encoder Command Injection (CVE-2019-5127; CVE-2019-5128; CVE-2019-5129)
A command injection vulnerability exists in YouPHPTube Encoder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2019-5127
YouPHPTube Encoder 2.3 is vulnerable to unauthenticated command injections via the base64Url parameter in /objects/getImage.php (also seen in related endpoints such as getImageMP4.php and getSpiritsFromVideo.php). Exploitation can lead to remote code execution and full server compromise. The TALO...
YouPHPTube Encoder base64Url multiple command injections
Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...