exploitDog

CVE-2021-47749

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.

Ссылки

https://web.archive.org/web/20170506141644/https://www.youphptube.com/
Not Applicable
https://www.exploit-db.com/exploits/51101
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/youphptube-directory-traversal
Third Party Advisory
https://www.exploit-db.com/exploits/51101
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:youphptube:youphptube:*:*:*:*:*:*:*:*

Версия до 7.8 (включая)

EPSS

Процентиль: 39%

0.00175

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-wh68-5mwp-jcp3

CVSS3: 6.2

github

25 дней назад

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outside the intended directory by using directory traversal sequences.

EPSS

Процентиль: 39%

0.00175

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-22