Ad End 1 August 2026
Ad End 4 july 2026
ad End 17 June 2026
ad End 25 July 2026
banner Expire 27 September 2026
adv exp at 20 April 2026
banner Expire 25 July 2025
Ads end 31 October 2026
What's new
Ad expires at 9 July 2026
Ads end 31 October 2026
Wizard's shop 2.0
RonalClub cc shop
Patrick Stash
Luki Crown
best shop
best shop

YouPHPTube 7.7 SQL Injection Vulnerability

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
8,082
Reaction score
1,062
Points
212
Awards
2
  • trusted user
  • Rich User
----------------------------------------------------------------
YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability
----------------------------------------------------------------

[-] Software Link:
https://www.youphptube.com

[-] Affected Versions:
Version 7.7 and prior versions.

[-] Vulnerability Description:
User input passed through the "live_stream_code" POST parameter to
/plugin/LiveChat/getChat.json.php is not properly sanitized before
being used to construct a SQL query. This can be exploited by malicious
users to e.g. read sensitive data from the database through in-band SQL
Injection attacks. Successful exploitation of this vulnerability
requires the "Live Chat" plugin to be enabled (disabled by default).

[-] Solution:
Upgrade to version 7.8 or later.

[-] Disclosure Timeline:
[31/10/2019] - Issue reported to https://git.io/JeD2U
[02/11/2019] - CVE number assigned
[02/12/2019] - Versions 7.8 released
[04/12/2019] - Publication of this advisory

[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)

has assigned the name CVE-2019-18662 to this vulnerability.
 
Ad End 1 November 2024
Top