Vulnerability Details CVE-2021-47749
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.1%
CVSS Severity
CVSS v3 Score 6.2
References
Products affected by CVE-2021-47749
-
cpe:2.3:a:youphptube:youphptube:-
-
cpe:2.3:a:youphptube:youphptube:2.2
-
cpe:2.3:a:youphptube:youphptube:2.4
-
cpe:2.3:a:youphptube:youphptube:2.7
-
cpe:2.3:a:youphptube:youphptube:3.4
-
cpe:2.3:a:youphptube:youphptube:3.4.1
-
cpe:2.3:a:youphptube:youphptube:4.0
-
cpe:2.3:a:youphptube:youphptube:4.0.1
-
cpe:2.3:a:youphptube:youphptube:4.0.2
-
cpe:2.3:a:youphptube:youphptube:5.0
-
cpe:2.3:a:youphptube:youphptube:6.5
-
cpe:2.3:a:youphptube:youphptube:7.2
-
cpe:2.3:a:youphptube:youphptube:7.3
-
cpe:2.3:a:youphptube:youphptube:7.4
-
cpe:2.3:a:youphptube:youphptube:7.6
-
cpe:2.3:a:youphptube:youphptube:7.7