CVE-2019-16124

CRITICAL

YouPHPTube 7.4 - Info Disclosure

Title source: llm

Description

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code.

Exploits (1)

exploitdb WORKING POC

by Damian Ebelties · textwebappsphp

https://www.exploit-db.com/exploits/47326

View Code ZIP pw:eip

References (3)

[Patch, Third Party Advisory] https://github.com/YouPHPTube/YouPHPTube/commit/b32b410c9191c3c5db888514c29d7921f124d883

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/47326

[Third Party Advisory, URL Repurposed] https://zerodays.lol/

Scores

CVSS v3 9.8

EPSS 0.0212

EPSS Percentile 84.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (1)

youphptube/youphptube < 7.4

Published Sep 09, 2019

Tracked Since Feb 18, 2026