CVE-2021-25877

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.

Ссылки

http://avideoyouphptube.com
Broken Link
Product
URL Repurposed
https://synacktiv.com
Product
https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf
Exploit
Vendor Advisory
http://avideoyouphptube.com
Broken Link
Product
URL Repurposed
https://synacktiv.com
Product
https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:youphptube:youphptube:*:*:*:*:*:*:*:*

Версия до 10.0 (включая)

EPSS

Процентиль: 79%

0.01204

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-mjww-cghr-9678