CVEDB API

Vulnerabilities

Vulnerable Software

Youphptube: >> Youphptube >> 10.0 Security Vulnerabilities

CVE-2021-25875

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.

CVSS Score

6.1

EPSS Score

0.004

Published

2021-11-01

CVE-2021-25876

AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.

CVSS Score

6.1

EPSS Score

0.004

Published

2021-11-01

CVE-2021-25877

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.

CVSS Score

7.2

EPSS Score

0.012

Published

2021-11-01

CVE-2021-25878

AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.

CVSS Score

6.1

EPSS Score

0.004

Published

2021-11-01

CVE-2021-25874

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.

CVSS Score

7.5

EPSS Score

0.011

Published

2021-11-01

Page 1

Vulnerabilities

Vulnerable Software

Youphptube: >> Youphptube >> 10.0 Security Vulnerabilities

Products

Pricing

Contact Us