CVE-2019-16124

Published: Sep 9, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.

Affected (1)

Products: Youphptube: Youphptube

Youphptube

1 product

Youphptube

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Youphptube Youphptube	Up to 7.4

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883

Source: cve@mitre.org

PatchThird Party Advisory

https://www.exploit-db.com/exploits/47326

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://zerodays.lol/

Source: cve@mitre.org

Third Party AdvisoryURL Repurposed

https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.exploit-db.com/exploits/47326

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://zerodays.lol/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryURL Repurposed

Timeline

No history available yet.