CVE-2019-5123

Summary

Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php.

Affected Software

VendorProductVersion RangeStatus
n/aYouPHPTubeYouPHPTube 6.2 ,YouPHPTube 7.6 ,YouPHPTube 7.7 commit 64d35de96e43c5e5b3d582162c12b86eec7e986b (Oct 1st 2019)affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

References