CVE-2021-25877

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:youphptube:youphptube:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:55

Type Values Removed Values Added
References () http://avideoyouphptube.com - Broken Link, Product, URL Repurposed () http://avideoyouphptube.com - Broken Link, Product, URL Repurposed
References () https://synacktiv.com - Product () https://synacktiv.com - Product
References () https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - Exploit, Vendor Advisory () https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - Exploit, Vendor Advisory

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://avideoyouphptube.com - Broken Link, Product () http://avideoyouphptube.com - Broken Link, Product, URL Repurposed

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-732 CWE-94

08 Nov 2021, 16:22

Type Values Removed Values Added
References (MISC) https://synacktiv.com - (MISC) https://synacktiv.com - Product
References (MISC) https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - (MISC) https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf - Exploit, Vendor Advisory
References (MISC) http://avideoyouphptube.com - (MISC) http://avideoyouphptube.com - Broken Link, Product
CWE CWE-732
CVSS v2 : unknown
v3 : unknown
v2 : 9.0
v3 : 7.2
CPE cpe:2.3:a:youphptube:youphptube:*:*:*:*:*:*:*:*

01 Nov 2021, 12:46

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-01 12:15

Updated : 2024-11-21 05:55


NVD link : CVE-2021-25877

Mitre link : CVE-2021-25877

CVE.ORG link : CVE-2021-25877


JSON object : View

Products Affected

youphptube

  • youphptube
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')