CVE-2021-25874

HIGH

youphptube < 10.0 - Unauthenticated SQL Injection via catName Parameter

Title source: llm
STIX 2.1

Description

AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application passwords hashes.

References (3)

Core 3
Core References
Broken Link, Product, URL Repurposed x_refsource_misc
http://avideoyouphptube.com

Scores

CVSS v3 7.5
EPSS 0.0168
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
youphptube/youphptube < 10.0
Published Nov 01, 2021
Tracked Since Feb 18, 2026