YouPHPTube Encoder 2.3 - Remote Command Injection

YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php. id: CVE-2019-5127 info: name: YouPHPTube Encoder 2.3 ...

CVE-2021-47750

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

CVE-2021-47749

YouPHPTube = 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the...

CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting

YouPHPTube = 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they...

CVE-2021-47750

YouPHPTube versions up to 7.8 contain a cross-site scripting (XSS) vulnerability in the redirectUri parameter of the signup page, allowing an attacker to craft signups that execute arbitrary JavaScript in victims’ browsers. The root cause is improper handling of the redirectUri in the signup flow...

EUVD-2019-8379

Malware in sbrugna...

EUVD-2019-14722

Malware in sbrugna...

EUVD-2019-14719

Malware in sbrugna...

EUVD-2019-14725

Malware in sbrugna...

EUVD-2021-12757

Malware in sbrugna...

CVE-2021-25876

AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...

CVE-2019-5122

SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php...

YouPHPTube&lt;= 7.8 - Multiple Vulnerabilities

Exploit Title: YouPHPTube getLanguage; if !empty$GET'lang' $GET'lang' = striptags$GET'lang'; $SESSION'language' = $GET'lang'; @includeonce "$global'systemRootPath'locale/$SESSION'language'.php"; The parameter "lang" can be modified and load a ph...

YouPHPTube 7.8 Local File Inclusion / Directory Traversal

Exploit Title: YouPHPTube getLanguage; if !empty$GET'lang' $GET'lang' = striptags$GET'lang'; $SESSION'language' = $GET'lang'; @includeonce "$global'systemRootPath'locale/$SESSION'language'.php"; The parameter "lang" can...

YouPHPTube catName parameter SQL injection vulnerability

YouPHPTube is a PHP-based video website system. youPHPTube is vulnerable to SQL injection in version 10.0 and earlier, which stems from the lack of validation of external input SQL statements for the catName parameter. An attacker could use this vulnerability to execute illegal SQL commands to...

CVE-2021-25875

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...

CVE-2021-25876

AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...

CVE-2021-25875

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...

CVE-2021-25874

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes...

Cross site scripting

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator...