6 matches found
YouPHPTube Encoder - Arbitrary File Write
Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. id: CVE-2019-5128 info: name: YouPHPTube Encoder - Arbitrary...
CVE-2019-5128
A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in...
CVE-2019-5128
creationtimestamp| type| source ---|---|--- 2024-01-29 09:41:38+00:00| seen| https://t.me/ctinow/175123 2024-12-22 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-22 2024-12-24 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities ...
YouPHPTube Encoder Command Injection (CVE-2019-5127; CVE-2019-5128; CVE-2019-5129)
A command injection vulnerability exists in YouPHPTube Encoder. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2019-5128
CVE-2019-5128 affects YouPHPTube Encoder (v2.3) with unauthenticated command injection via the base64Url parameter in /objects/getImageMP4.php, enabling remote code execution and potential full server compromise. Multiple connected sources (Talos, Nuclei templates, and CNVD/Red Hat/NVD entries) c...
YouPHPTube Encoder base64Url multiple command injections
Summary Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific...