Vulnerabilities > Youphptube > Youphptube > 4.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-11-01 CVE-2021-25874 SQL Injection vulnerability in Youphptube
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.
network
low complexity
youphptube CWE-89
7.5
7.5
2021-11-01 CVE-2021-25875 Cross-site Scripting vulnerability in Youphptube
AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
network
low complexity
youphptube CWE-79
6.1
6.1
2021-11-01 CVE-2021-25876 Cross-site Scripting vulnerability in Youphptube
AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
network
low complexity
youphptube CWE-79
6.1
6.1
2021-11-01 CVE-2021-25877 Code Injection vulnerability in Youphptube
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write.
network
low complexity
youphptube CWE-94
7.2
7.2
2021-11-01 CVE-2021-25878 Cross-site Scripting vulnerability in Youphptube
AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator.
network
low complexity
youphptube CWE-79
6.1
6.1
2019-11-02 CVE-2019-18662 SQL Injection vulnerability in Youphptube
An issue was discovered in YouPHPTube through 7.7.
network
low complexity
youphptube CWE-89
critical
 9.8
9.8
2019-09-09 CVE-2019-16124 Missing Authorization vulnerability in Youphptube
In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.
network
low complexity
youphptube CWE-862
critical
 9.8
9.8
2019-08-20 CVE-2019-14430 SQL Injection vulnerability in Youphptube
plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.
network
low complexity
youphptube CWE-89
5.3
5.3