Vulnerability Details CVE-2019-16124
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883
- https://www.exploit-db.com/exploits/47326
- https://zerodays.lol/
- https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883
- https://www.exploit-db.com/exploits/47326
- https://zerodays.lol/
Products affected by CVE-2019-16124
-
cpe:2.3:a:youphptube:youphptube:-
-
cpe:2.3:a:youphptube:youphptube:2.2
-
cpe:2.3:a:youphptube:youphptube:2.4
-
cpe:2.3:a:youphptube:youphptube:2.7
-
cpe:2.3:a:youphptube:youphptube:3.4
-
cpe:2.3:a:youphptube:youphptube:3.4.1
-
cpe:2.3:a:youphptube:youphptube:4.0
-
cpe:2.3:a:youphptube:youphptube:4.0.1
-
cpe:2.3:a:youphptube:youphptube:4.0.2
-
cpe:2.3:a:youphptube:youphptube:5.0
-
cpe:2.3:a:youphptube:youphptube:6.5
-
cpe:2.3:a:youphptube:youphptube:7.2
-
cpe:2.3:a:youphptube:youphptube:7.3
-
cpe:2.3:a:youphptube:youphptube:7.4