Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 5 january 2024
adv ex on 22 February 2024
Banner expire 20 November 2024
Kfc Club

Patrick Stash
casino
banner expire at 13 August 2024
BidenCash Shop
Rescator cvv and dump shop
Yale lodge shop
UniCvv
banner Expire 1 April  2021

Neon Ghost

TRUSTED VENDOR
Staff member
Joined
Dec 3, 2020
Messages
1,783
YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability
----------------------------------------------------------------

[-] Software Link:
You must reply in thread to view hidden text.

[-] Affected Versions:
Version 7.7 and prior versions.

[-] Vulnerability Description:
User input passed through the "live_stream_code" POST parameter to
/plugin/LiveChat/getChat.json.php is not properly sanitized before
being used to construct a SQL query. This can be exploited by malicious
users to e.g. read sensitive data from the database through in-band SQL
Injection attacks. Successful exploitation of this vulnerability
requires the "Live Chat" plugin to be enabled (disabled by default).

[-] Solution:
Upgrade to version 7.8 or later.

[-] Disclosure Timeline:
[31/10/2019] - Issue reported to https://git.io/JeD2U
[02/11/2019] - CVE number assigned
[02/12/2019] - Versions 7.8 released
[04/12/2019] - Publication of this advisory

[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2019-18662 to this vulnerability....
 
Top Bottom