Skip to main content

Youphptube CVE-2021-25874

HIGH
SQL Injection (CWE-89)
2021-11-01 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 01, 2021 - 12:15 nvd
HIGH 7.5

DescriptionNVD

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.

AnalysisAI

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes. Affected products include: Youphptube.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2019-5114 CRITICAL POC
9.9 Oct 25

An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Rated critical severit

CVE-2019-5151 CRITICAL POC
9.8 Oct 31

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Rated critical severity (CVSS 9.8), this vulnerabili

CVE-2019-16124 CRITICAL POC
9.8 Sep 09

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to

CVE-2019-5123 HIGH POC
8.8 Oct 25

Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. Rated high severity (CVSS 8.8), this vulnerab

CVE-2019-5122 HIGH POC
8.8 Oct 25

SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS 8.8), this v

CVE-2019-5121 HIGH POC
8.8 Oct 25

SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS 8.8), this v

CVE-2019-5120 HIGH POC
8.8 Oct 25

An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS

CVE-2019-5117 HIGH POC
8.8 Oct 25

Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Rated high severity (CV

CVE-2019-5116 HIGH POC
8.8 Oct 25

An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Rated high severity (CVSS

CVE-2019-5150 HIGH POC
8.1 Oct 31

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Rated high severity (CVSS 8.1), this vulnerability i

CVE-2021-25877 HIGH POC
7.2 Nov 01

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. Rated high severity (CVSS 7.2), this vulnerability

CVE-2021-25878 MEDIUM POC
6.1 Nov 01

AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoN

Share

CVE-2021-25874 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy