Shodan
Vulnerabilities
Vulnerable Software
Youphptube:  >> Youphptube  >> 7.4  Security Vulnerabilities
CVE-2021-25875
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-11-01
CVE-2021-25876
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-11-01
CVE-2021-25877
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
CVSS Score
7.2
EPSS Score
0.012
Published
2021-11-01
CVE-2021-25878
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-11-01
CVE-2021-25874
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.
CVSS Score
7.5
EPSS Score
0.011
Published
2021-11-01
CVE-2019-18662
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-11-02
CVE-2019-16124
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
CVSS Score
9.8
EPSS Score
0.021
Published
2019-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved