AVideo/YouPHPTube 10.0 and prior is affected by an insecure file write. An administrator-privileged user is able to write files on the filesystem using the flag and code variables in the file save.php.
References
Link | Resource |
---|---|
http://avideoyouphptube.com | Broken Link, Product, URL Repurposed |
https://synacktiv.com | Product |
https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf | Exploit, Vendor Advisory |
History
21 Nov 2024, 05:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://avideoyouphptube.com - Broken Link, Product, URL Repurposed | |
References | () https://synacktiv.com - Product | |
References | () https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - Exploit, Vendor Advisory |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://avideoyouphptube.com - Broken Link, Product, URL Repurposed |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 |
08 Nov 2021, 16:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://synacktiv.com - Product | |
References | (MISC) https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - Exploit, Vendor Advisory | |
References | (MISC) http://avideoyouphptube.com - Broken Link, Product | |
CWE | CWE-732 | |
CVSS | v2 : v3 : | v2 : 9.0, v3 : 7.2 |
CPE | cpe:2.3:a:youphptube:youphptube:*:*:*:*:*:*:*:* |
01 Nov 2021, 12:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-01 12:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-25877
Mitre link : CVE-2021-25877
CVE.ORG link : CVE-2021-25877
Products Affected
youphptube
- youphptube
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')