CVE-2019-5150

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-5150

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5150.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-5150

Published

2019-10-31T20:15:11.380Z

Modified

2026-04-10T04:18:26.686145Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0940

Affected packages

Git / github.com/youphptube/youphptube

Affected ranges

Type

GIT

Repo

https://github.com/youphptube/youphptube

Events

Introduced

Last affected

1df01c93e48fed493c8d884e480690ca02874710

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.7"
        }
    ]
}

Affected versions

2.*

2.2

2.7

3.*

3.4

4.*

4.0

7.*

7.2

7.3

7.4

7.6

7.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-5150.json"