Vulnerability Details CVE-2021-25874
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2021-25874
-
cpe:2.3:a:youphptube:youphptube:-
-
cpe:2.3:a:youphptube:youphptube:10.0
-
cpe:2.3:a:youphptube:youphptube:2.2
-
cpe:2.3:a:youphptube:youphptube:2.4
-
cpe:2.3:a:youphptube:youphptube:2.7
-
cpe:2.3:a:youphptube:youphptube:3.4
-
cpe:2.3:a:youphptube:youphptube:3.4.1
-
cpe:2.3:a:youphptube:youphptube:4.0
-
cpe:2.3:a:youphptube:youphptube:4.0.1
-
cpe:2.3:a:youphptube:youphptube:4.0.2
-
cpe:2.3:a:youphptube:youphptube:5.0
-
cpe:2.3:a:youphptube:youphptube:6.5
-
cpe:2.3:a:youphptube:youphptube:7.2
-
cpe:2.3:a:youphptube:youphptube:7.3
-
cpe:2.3:a:youphptube:youphptube:7.4
-
cpe:2.3:a:youphptube:youphptube:7.6
-
cpe:2.3:a:youphptube:youphptube:7.7