CVE-2019-5151

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-5151

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5151.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-5151

Published

2019-10-31T20:15:11.460Z

Modified

2025-11-14T09:49:55.803638Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0941

Affected packages

Git / github.com/youphptube/youphptube

Affected ranges

Type: GIT
Repo: https://github.com/youphptube/youphptube
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1df01c93e48fed493c8d884e480690ca02874710

Affected versions

2.*

2.2

2.4

2.7

3.*

3.4

3.4.1

4.*

4.0

4.0.1

4.0.2

5.*

5.0

6.*

6.5

7.*

7.2

7.3

7.4

7.5

7.6

7.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5151.json"