banner Expire 1 October 2024
Ad Ends 13 October 2024
banner Expire 15 January 2025
Ad Ends 13 October 2024
banner Expire 18 October 2024
banner Expire 16 November 2024
ad expire at 08 november 2024
Menu
What's new
By:
Filters
banner Expire 16 November 2024
Ad Ends 20 January 2025
banner Expire 11 November 2024
Adv exp on 11 NOv 2024
ad End 18 October 2024
Ad expire at 5 August 2024
banner Expire 20 October 2024
Western union transfer
UniCvv
casino
swipe store
adv exp at 23 August 2024
Carding.pw carding forum
BidenCash Shop
Kfc CLub

Youphptube 7.7 Sql Injection Vulnerability

ESCO

ESCO

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 28, 2020
Messages
6,506
Reaction score
713
Points
212
Awards
2
  • Somebody Likes you
  • First post
YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability
----------------------------------------------------------------

[-] Software Link:
https://www.youphptube.com

[-] Affected Versions:
Version 7.7 and prior versions.

[-] Vulnerability Description:
User input passed through the "live_stream_code" POST parameter to
/plugin/LiveChat/getChat.json.php is not properly sanitized before
being used to construct a SQL query. This can be exploited by malicious
users to e.g. read sensitive data from the database through in-band SQL
Injection attacks. Successful exploitation of this vulnerability
requires the "Live Chat" plugin to be enabled (disabled by default).
[-] Solution:
Upgrade to version 7.8 or later.

[-] Disclosure Timeline:
[31/10/2019] - Issue reported to https://git.io/JeD2U
[02/11/2019] - CVE number assigned
[02/12/2019] - Versions 7.8 released
[04/12/2019] - Publication of this advisory

[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2019-18662 to this vulnerability.
 
You must log in or register to reply here.
Ad End 1 October 2024
Top